Page 9 - FCW, May/June 2020

first, and then expand that to other business applications.”
Once an agency has identified its highest-value systems and devices, it becomes easier to strategize appropriate privileged access. In CyberArk, this is managed through a centralized vault, with safe storage and encryption of credentials to protect against both external and insider threats.
With a centralized credential vault and the ability to isolate and record user activity via a privilege session manager, federal IT teams can implement the needed controls and simultaneously deliver on the regulatory requirements for high auditability.
The Blueprint approach offers agencies the ability to secure existing systems and also to future-proof their permissions. It tackles digital transformation initiatives including adoption of cloud, DevOps, robotic process automation and SaaS, as well as on-premises, cloud and hybrid environments.
This centralized, automated approach to access control management helps federal agencies to deliver on the promise of the Zero Trust framework, which requires IT to trust users only for a specific point in time and to verify trust continually. With a centralized view, it becomes possible to more easily identify behaviors outside the norm and to take corrective action, as well as to efficiently grant and revoke permissions as required.
The same risk-based approach that secures human users can also be leveraged to support Robotic Process Automation (RPA), a high-production capability that is rapidly gaining ground in the federal space.
Robots, like humans, should have access only to a limited set of systems and devices. CyberArk enables IT leaders to issue those credentials automatically and without human intervention through secure API calls, providing non-person entities with secure access and high auditability.
Key differentiators
The privileged access management space is awash in partial solutions. Many offer tools to enforce PAM, but often without an overarching system for defining and managing access. CyberArk’s Blueprint takes a more foundational approach, offering a risk-based paradigm to automatically protect highest-value assets against the most likely attack vectors.
With deep experience across government and commercial entities, CyberArk is able to leverage best practices gained over 20 years in the PAM space. As an early entrant into privileged threat analytics, CyberArk has demonstrated a commitment to innovation, securing DevSecOps, nonhuman credentials, and other emerging methodologies.
Driven by experience and innovation, the Blueprint approach is also highly responsive to specific agency needs. “Who can make a change or access sensitive data or information? That definition can change from agency to agency,” Jermyn said. “Customer input is critical in order to appropriately deploy PAM across agency systems.”
Moving forward
In order to shift toward a more effective privileged access management methodology, federal leaders can engage in a process of internal self-reflection. A few key questions include: What is the agency currently doing to address the problem of privileged access management? How are credentials rotated? What are the privileged accounts that a PAM program should target, either for audits or simply as a matter of security best practices?
Free and easy-to-use tools can help to support this critical initial inventory. CyberArk Discovery & Audit, for example, can scan the network to locate privileged accounts on-premises, in the cloud, and in DevOps environments. It can identify all privileged credentials, such as passwords, SSH keys, password hashes, AWS access keys and more. And it can uncover vulnerabilities, identifying machines vulnerable to credential theft attacks and assessing privileged access security risks.
This baseline knowledge enables IT leaders to take the first steps toward more effective PAM. From there, a comprehensive, risk-based Blueprint can deliver a far-reaching strategy for securing the agency’s most vital assets.
“Whether it is a malicious insider or a highly motivated external attacker, abuse of privilege is at the heart of a lot of different types of cyberattacks,” Jermyn said. Where piecemeal strategies have fallen short in the past, a high-level approach to PAM can enable federal agencies to assert enterprise-wide control with a high degree of automation. They can deliver a greater degree of security and can better meet regulatory requirements around auditability, while simultaneously freeing administrators to tackle higher-value tasks.
Understand privileged access management challenges and how CyberArk can help organizations improve privileged access management systems and practices, reduce security vulnerabilities and mitigate risk in this free PAM success blueprint or visit cyberark.com.