Today’s CIOs have an unprecedented challenge on their hands. They are spearheading digital transformation efforts, creating revenue-generating applications, enabling remote work and driving seamless customer experiences. This new business environment also created a veritable playground for attackers, making it hard to strike the right balance between innovation and security.
Most attacks today follow a similar pattern. Attackers find privileged credentials – those that have elevated access and permissions – and use them to gain access to an organization’s most valuable assets. In fact, more than 80% of breaches tied to hacking involve brute force or the use of lost or stolen credentials.
Organizations can’t stop attacks if they don’t secure privileged access wherever it exists. And today, privilege is everywhere – in the cloud, on endpoint devices, in applications, within automated processes, and throughout the DevOps pipeline.
Identifying & Securing Privileged Access
As organizations move more IT resources to hybrid and multi-cloud environments, and accelerate automation and digital transformation initiatives, the number of privileged credentials is growing exponentially. In modern IT environments, all identities can become privileged under certain conditions, based on the systems, environments, applications, or data accessed or the types of operations they’re performing.
Because virtually any user – human or non-human (such as applications and machines) – can become a privileged user at any time, managing and protecting access is now a more critical security issue than ever. Here are some factors contributing to the explosion of privileged access and the increased risk:
- The rising adoption of DevOps, Internet of Things (IoT), and use of cloud services creates more possible access points.
- Business users in departments such as HR, finance and sales operations are often granted high levels of access to keep critical processes up to date and to maintain business continuity. That access must be managed, monitored and controlled in the same way as traditional privileged users.
- Critical business systems and applications handle some of the most sensitive data within organizations including customer data, business forecasting, intellectual property and other high value assets.
Because of the growing attack surface and changing definition of a privileged user, privileged access management needs to be a top priority. Modern solutions deliver automated, centralized and proactive controls that can help organizations securely operate in dynamic environments while preparing them for whatever challenges might come.
To learn more, download a complimentary copy of the Gartner 2020 Magic Quadrant for Privileged Access Management1: https://www.cyberark.com/gartner-mq-pam/
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
By David Higgins, Technical Director, CyberArk