Solving the access rights management issue in a global context

  • Pawel Bulat
  • February 26, 2018
  • 3 minutes

In the global village, access to a company’s internal resources, and the authorisation management that follows, becomes problematic when the resources must be available to suppliers and subcontractors, often operating from across the world. One can cope with that – but not without a tool.


Imagine a telecoms operator with an internal infrastructure of 1000 hosts to which external subcontractors must have remote access via SSH and RDP.

Within large companies, these people will often be located on the other side of the world, thus working in completely different time zones. How can you provide them with comfortable work conditions while supervising their activity during a given session? Consider that there are 300 sessions running in parallel; no one is able to monitor that…

This is where access rights management comes into the picture. Simply put, the rights are a set of policies – do’s and don’ts if you will – related to accessing specific resources, where a resource is understood as a directory, file, disk or the entire workstation.

The structure of these access rights closely resembles the internal structure of a corporation. The hierarchy is headed by a trusted "superior authority", and additional rights are most often granted through an application (request) mechanism. Applications are handled by a dedicated unit or group of privileged users with wider access rights. The entire application flow is recorded and stored for future audits.

Apart from structuring the access rights themselves, it is also very important to monitor the access granted, e.g. by recording session progress or monitoring the status of a shared object. Analytical tools used here often allow for graphical data presentation, so that all kinds of incidents are easier for administrators to capture.

Statistics published last year in a report prepared by the Solutions Review magazine show how difficult it is to manage access rights these days. Namely:

  • 80% of all security breaches relate to privileged accounts
  • It takes more than a week to detect 82% of the breaches

Today, the remote workplace model, which entails the need to share internal resources, is becoming increasingly popular. A natural consequence of this approach is the growing importance of Privileged Access Management systems (PAMs). According to the same report, 60% of security experts believe that PAMs are indispensable to maintain regulatory compliance.

This is linked to the General Data Protection Regulation (GDPR) entering into force across the EU, which regards the protection of individuals with regard to the processing of their data as a fundamental right. It can already be demonstrated today that the only effective way to ensure this protection is through efficient management of access rights combined with cryptographic mechanisms providing confidentiality and integrity.

Data presented by Thycotic, a provider of PAM solutions, call for urgent action, with GDPR around the corner and the need to tighten data access that the regulation brings with it. According to Thycotic:

  • 66% of organisations still manage access rights manually
  • 20% of organisations have never changed their default passwords to privileged accounts
  • 30% of organisations allow free access to accounts and passwords
  • 40% of organisations use the same access data for regular and privileged accounts

Given the upcoming regulatory framework (GDPR) and the ever-increasing volume of data being processed, now is the time to change the way access rights are managed, to one that will effectively help prevent unauthorized access to critical resources and mitigate the consequences of such access should it ever happen.