Protecting privileged user credentials with integrated MFA

Nov 30, 2017 | by Tony Karam

Privileged user credentials provide nearly unrestricted access to IT systems and services. That level of access enables these users to do their jobs – and, unfortunately, puts their credentials at risk for theft and misuse. After all, what cyber attacker wouldn’t want to get their hands on the credentials that provide access to many of the organization’s most critical resources? To help reduce that risk, many organizations today are turning to privileged access management (PAM) solutions. While these solutions can be great for monitoring privileged users’ activity and managing their passwords, they are not enough on their own to protect the organization from a breach. For that, you need a more comprehensive set of capabilities incorporating modern multi-factor authentication (MFA) and centralized identity governance.

MFA Reduces the Risk of Privileged Credentials Abuse
Thinking about what may happen if a privileged user’s passwords should fall into the wrong hands is enough to keep any identity and access team up at night. Once an intruder has those “keys to the kingdom,” the next step could be disabling controls, stealing private data, committing fraud—even taking over the entire IT infrastructure. Restricting privileged access and locking down credentials are critical steps in preventing catastrophe. But what happens when someone presents with the right credentials, but isn’t really who they’re claiming to be?

As cyber attackers keep coming up with more sophisticated ways to hijack privileged user credentials, it becomes increasingly important to integrate modern multi-factor authentication methods with privileged access management capabilities. That way, if someone attempts to access a resource or application as a privileged user, they can be challenged with additional authentication methods to verify they are, in fact, who they say they are.

Centralized Identity Governance Provides Tight Control
When you incorporate centralized identity governance and lifecycle capabilities into a solution for privileged user management, you enable a unified view of privileged user access that’s driven by policy-based identity management for those users and their applications. Centralized governance helps ensure privileged access is exercised appropriately and in compliance with an organization’s security practices, while automated lifecycle management makes it easier to manage privileges accurately throughout their lifecycle, from the time a privileged user is granted access upon assuming a role within the organization to the time privileges are modified or revoked because the user changes roles or leaves the company altogether.

Collaboration Leads to Innovative Integrations
Pursuing a shared vision of secure privileged access management, RSA and CyberArk recently announced interoperability between CyberArk Privileged Account Security Solution and RSA identity and access management solutions. The interoperability between RSA SecurID® Access and CyberArk’s Enterprise Password Vault helps to ensure that only authorized users can access privileged accounts, whether on-premises or in the cloud. We’ve also made RSA Identity Governance & Lifecycle seamlessly interoperable with the CyberArk solution to provide an automated way to ensure privileged users have the appropriate levels of access as they change roles over the course of their association with the organization.

Collaborations like this one are part of a larger RSA initiative to eliminate identity risk by transforming secure access to be pervasive, connected and continuous. To learn more, read the latest news about RSA’s expanding technology ecosystem.

Author: Tony Karam

Category: RSA Fundamentals

Keywords: Identity & Access Management, Identity Governance and Access, Multi-Factor Authentication