BeyondTrust Reveals Survey Results
BeyondTrust, a leading cybersecurity company dedicated to preventing privilege misuse and stopping unauthorized access, has recently announced the results of its 2018 Implications of Using Privileged Access Management to Enable Next-Generation Technology survey.
The survey shows that 90% of enterprises are engaged with at least one next-generation technology (NGT), such as cloud, IoT, or AI. Yet, while enterprises are optimistic about the business benefits these technologies can bring, they also have concerns about the risks, with 78% citing the security risks of NGTs as somewhat to extremely large. One in five respondents experienced five or more breaches related to NGTs and excessive user privileges were implicated in 52% of breaches.
Significant Movement Toward the Cloud
The survey also found that cloud transformation is accelerating in terms of the percentage of workloads in the following environments today and in three years. The following environments include: on-premises, public cloud, private cloud, SaaS apps.
One in Five Respondents Experienced Five or More Breaches Related to NGTs
There are real business costs that result from breaches, with the top costs being lost productivity, loss of reputation, monetary damages, and compliance penalties.
To improve security while reaping the transformative benefits that NGTs offer, organizations should implement five privileged access management (PAM) best practices that address use cases from on-prem to cloud.
- Best Practice #1: Discover and inventory all privileged accounts and assets. Organizations should perform continuous discovery and inventory of everything from privileged accounts to container instances and libraries across physical, virtual, and cloud environments.
- Best Practice #2: Scan for vulnerabilities and configuration compliance. For DevOps and cloud use cases, organizations should scan both online and offline container instances and libraries for image integrity.
- Best Practice #3: Manage shared secrets and hard-coded passwords. Governing and controlling shared and other privileged accounts represents one of the most important tactics organizations can employ to limit the effects of data breaches resulting from NGTs.
- Best Practice #4: Enforce least privilege and appropriate credential usage. Organizations should only grant required permissions to appropriate build machines and images through least privilege enforcement.
- Best Practice #5: Segment networks. Especially important in DevOps, lateral movement protection should be zone-based and needs to cover the movement between development, QA, and production systems.
“It is encouraging to see that organizations understand the benefits that Privileged Access Management can deliver in protecting next-generation technologies, but there are more best practices to employ,” said Morey Haber, Chief Technology Officer at BeyondTrust. “The survey affirms that security should be at the forefront of new technology initiatives, otherwise, organizations can experience serious financial, compliance, and technological ramifications later on.”