Controlling Privileged Threat Surface using PAM & SSO | OneLogin

As organizations expand the breadth of their technology use, we’re seeing an increase in security issues. Some of these issues arise as a result of new technologies or services we’re using (software bugs or service provider outages). However, some issues are the same old problems with a modern technology twist. Nowhere is this more true than with abuse of privileges in IT – a gift that keeps on giving! All joking aside, the problem with abuse and misuse of privileged accounts is growing and doesn’t seem to be letting up.

According to Forrester, 80% of security breaches involve privileged credentials. In the 2018 Verizon Data Breach Investigations Report, the use of stolen credentials was the most common action in hacking activity, with privilege abuse ranking fourth overall. The top internal actor in breaches? Systems administrators.

And that’s only part of the problem. When you factor in the staggering number of administrative consoles, services, tools, and platforms we’re responsible for, you have a recipe for disaster that’s likely to continue unabated unless we do something about it. In fact, we’ve seen several cases of administrative privileges attacked and abused for cloud administrative consoles, including at least one company, Code Spaces, that was essentially erased due to a vicious cyber attack. In 2018, several exposed Kubernetes admin consoles (one belonging to auto manufacturer Tesla) were hijacked to create container instances that mined cryptocurrency for the attackers.

Based on all this, it’s probably time for a new strategy, or at least a revised one. Today, there are too many admin types, especially with the proliferation of DevOps and cloud environments. We have privileged user management (PUM) and privileged access management (PAM) tools that can help refine role definition, handle short-term credentials, and enable closer monitoring and control of admin access.

Even with that, there are significant advantages to expanding upon privilege management tools with the use of single sign-on (SSO) and federated access solutions. Once you’ve identified the need to better control and monitor privileged users, you can move toward narrowing your privileged user types, establishing a core source of internal identities that can be extended and integrated with other platforms, and building use cases for the types of internal and external resources these users need access to. At that point, integrating PAM/PUM tools with SSO can help centralize access to numerous resources with improvements in ease of use, central administration, and better auditing capabilities. Leveraging an SSO solution to carefully restrict access into cloud admin consoles or other types of cloud services is an added benefit of this converged strategy.

We’ve got the technology pieces we need to effectively manage privileged users and roles, and begin locking down privileged access to internal and external resources – we just have to use them. To learn more, check out my on-demand webinar: Dialing up Your Privileged User Strategy leveraging Single Sign On.

About the Author

Dave Shackleford

Dave Shackleford is the CEO and Principal Consultant at Voodoo Security, Lead Faculty at IANS, and a SANS Senior Instructor and Course Author. He is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CTO at IANS, CSO for Configuresoft, CTO for the Center for Internet Security, and as a Security Architect, Analyst and Manager for several Fortune 500 companies. Shackleford is the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, currently serves on the board of directors at the SANS Technology Institute, and co-chairs the Top Threats to Cloud Working Group at the Cloud Security Alliance.
