SERVICE MANAGEMENT, SMAAS, TOOLS-SECURITY | 08 September
What keeps a CIO up at night?
It is common practice to use the mentality of “nice to haves” vs. “must haves” when making decisions. But when deciding what kind of tools to bring on board to enhance your network’s security, there are many “must haves” that any CIO or IT administrator would want to take into consideration.
Secure Remote Access is the foundation of a good privileged access solution. An important consideration is how the connection from your privileged users and vendors is facilitated. For example, legacy methods, such as the VPN, generally do not utilize outbound connections and instead create a virtual tunnel directly into your network, therefore giving vendors the ability to gain a foothold in your network.
It is also important to consider a solution with authorization steps to ensure that you know when your network is being accessed and by whom. Organizations that use a VPN to manage their vendors typically do not know when their vendors are on their system and whether they are actually doing what they say they are going to do.
Lastly, secure does not have to mean complicated. A privileged access management solution should make things easier for you to manage. The ability to set up shortcuts and jump points can support a fluid environment and help your administrators respond to requests and changes quickly.
No security tool is a one-stop shop, and if one claims to be, chances are that not every aspect of the solution is individually the best for the job. Integrations are important because they allow you to piece together the solution that will best fit the security needs of your business.
One of the best first lines of defense is implementing multi-factor authentication. It is a practical way to add further security to the user logon sequence by requiring the user to log on using both something the user knows and something they own, such as a code generated from a device.
Integrations such as LDAPS/Active Directory, RADIUS, Kerberos and smart card support can also help speed up change management processes and ensure that your admins are able to cater to all employees and vendors regardless of their operating system, locations, or security procedures.
Choosing the Right Solution
CIOs have a lot to think about. They are called upon to be both technologists and strategists, guiding their organizations through the technology frontier and driving new business. That being said, choosing tools to better manage security can be a stressful decision. According to the results of a survey of CIOs and executive IT professionals on this topic, security is ranked highest among IT concerns for CIOs, and more than half of survey respondents believe security planning should be the last item to receive budget cuts in 2017.
Among security issues, vendor and third-party management has surfaced as a major vulnerability. Many recent breaches (Target and the Office of Personnel Management, for example) have been traced back to compromised vendors, due in part to legacy solutions used for vendor management. This leaves CIOs and IT professionals wondering “what are MY vendors doing?” and justifies an investment in solutions that will add to their security armory.
A good privileged access solution should facilitate secure connections utilizing technology such as multi-factor authentication, allow administrators to granularly define permissions, and support systems to monitor and audit session activity.
CIOs can take the guessing out of “what are my vendors doing?” and sleep soundly knowing that their security posture is supported by a secure vendor management solution.
Being in Control
Granular Access Control is the feature that will put security back in the hands of your administrators. The power to granularly manage access is crucial to ensuring that you know who is accessing your network, at what time, and for what reasons. A good privileged access solution will allow you to configure permissions for each vendor based on what they need to do, and block them from accessing parts of the network they do not need to be in.
With limited applications and file upload or download privileges, administrators are able to better regulate what vendors and third parties are doing in the network. Legacy solutions, such as the VPN, do not give this kind of granular control and essentially create an open, unmonitored tunnel for your vendors.
You can think of granular access control like being home when a plumber is doing work in your house. You do not want him to walk through other areas of the house, so you escort him to the area where the plumbing issue is. You also do not want him to be able to come and go freely, so you schedule appointments with him and let him in when it is time. You also want the plumber to leave your house once the plumbing is fixed and the job is done. You wouldn’t want vendors hanging around your network just like you wouldn’t want a plumber hanging around your house.
Monitoring and auditing session information is the key to finding problems before they get out of control. No matter how secure your network is, there is always a chance for human error. Whether an action is malicious or not, it is critical to be able to find, diagnose, and fix issues quickly.
A good privileged access management tool will also support the auditing processes. With video recordings, auditors are able to literally see what actions were done within a session and generate reports based on specific users or groups. Thorough session logs can be populated automatically into a SIEM solution for even richer auditing. Proper logging and auditing can also help your company meet compliance mandates.
At the end of the day, time is money. A CIO needs to think not only about security, but also about productivity. Through features like chat, your vendors and administrators will be able to communicate, troubleshoot and make changes more fluidly. Advanced chat tools allow users to collaborate with other administrators by inviting them into a chat session. This takes the back and forth out of the situation, since you are able to bring all decision makers or authorities into one chat.
Mobile support allows your vendors and administrators to securely access and manage sessions from the convenience of their Android or iOS devices. Choosing a tool that is compatible with a variety of platforms, including mobile, will increase productivity and give more flexibility to those involved in the session.