The recent increase in reported cyber attacks demonstrate once again the dangers of cyber criminals gaining access to high-level credentials within an organisation the more privileged such credentials are, the more damage they can do.
This is one of the reasons why there is a shift away from traditional privileged access management (PAM) to an approach known as identity security. As a leader in identity security, CyberArk has partnered with Altron Security to add its best-of-breed security solutions to the company’s vast security knowledge and experience.
We know our security solutions are world-class, so what we need are confident and skilled partners that can wrap the relevant expertise around our offerings and make it easy for the end-customer to implement. Altron is among the best when it comes to understanding security best practice, managing implementation hurdles and delivering to meet customer needs,” Craig Harwood, CyberArk Regional Director: Middle East and Africa
Workforce Identity, adds that the two businesses have worked together for a number of years and that Altron has long-recognised CyberArk as one of the best security vendors.
We are proud to add our skills to CyberArk’s technologies, now extending from PAM into the identity security approach, to ensure that we continue to deliver the most effective security solutions our customers need,” Reghardt van der Rijst, Practice Lead at Altron Security
Notes that the reason for the shift from PAM to a more all-encompassing strategy like identity security is due to the changing definition of ‘privileged users’.
While PAM security traditionally focused on server administration, we now live in a world where an increasing number of new privileged use cases are being created, as the adoption solutions like infrastructure and platform as a service come to the fore.”
Moreover, whereas PAM is associated with the risk to the user’s identity in an IT sense, the discussion is now moving beyond IT, as areas like payroll and finance also have users who view privileged information. A good example is that of SWIFT applications these are not really defined as IT, but if a user’s identity here is compromised, it will still be hugely damaging to the business.” David Higgins, CyberArk Technical Director: Middle East and Africa
Higgins indicates that identity security is all about risk, as it focuses on the implications to the business if an identity is compromised whether that identity belongs to an IT administrator or a finance person.
There are three key pillars to an identity security platform, notes Harwood, pointing out that PAM remains one of these.
Beyond PAM, we have what we call the workforce pillar which focuses on appropriate controls for the entire user community in an organisation. Then there is also a third pillar, DevSecOps, which focuses on non-human or unattended access, since not all identities belong to a human they could just as easily belong to an application or an automated process, for example.” David Higgins, CyberArk Technical Director: Middle East and Africa
When it comes to defining risk and applying the right controls, he continues, the concept of zero trust is rapidly being accepted, with many organisations adopting various flavours of this. This approach dovetails well with identity security, as with zero trust you essentially assume that internal and external threats always exist on your environment, and you apply your security controls with that mindset.
“Without adopting zero trust, a PAM-created privileged account would have administration rights and might continue to exist, sometimes long after the individual it was created for has left the company. However, with zero trust, the mindset is rather to deliver access in an ephemeral manner. Thus, if administrator rights are needed, they are given but are taken away again once the user has achieved what they set out to.
“By utilising this just-in-time approach to rights management and adopting an identity security approach, businesses can not only significantly reduce their attack surfaces, but also, if the number of entitlements is reduced, the blast radius of a successful attack.”
there has also been a shift in the market, whereby an increasing number of customers are seeking to consolidate the various aspects of security and obtain an end-to-end solution from a single entity.
“CyberArk’s identity security approach can assist in catering to customers’ requirements for a single vendor and so Altron Security is excited to be working closely with them,”