TRENDING
(PAM), affect the adoption of NGTs,
BeyondTrust surveyed 612 IT professionals.
DevOps has reached mainstream: AI
and IoT not far behind
The survey found broad interest in NGTs,
with the most common being Digital
Transformation (DX), DevOps and IoT.
IT reports these NGTs are important for
organisations, with 63% saying DX will
have a somewhat to extremely large impact
on their organisation, followed by DevOps
(50%), AI (42%) and IoT (40%).
Significant movement towards
the cloud
The survey also found that cloud
transformation is accelerating. Respondents
indicate that 62% of workloads are
on-premises, with 15% in a public cloud,
11% in private clouds and 8% in SaaS
applications. Over the next three years that
is projected to dramatically change on-
premises drops to 44%, public cloud jumps
to 26%, private cloud increases to 15% and
SaaS increases to 12%.
One in five respondents experienced
five or more breaches related to NGTs
Security issues, as a result of NGTs, happen
at an alarming rate. A total of 18% of
respondents said they had a breach
related to NGTs in the last 24 months that
“
THE TOP COSTS
ARE LOST
PRODUCTIVITY,
LOSS OF
REPUTATION,
MONETARY
DAMAGES AND
COMPLIANCE
PENALTIES.
resulted in data loss, 20% experienced
a breach that resulted in an outage and
25% saw breaches over that time period
that triggered a compliance event. One in
five survey respondents experienced five or
more breaches.
Too much privilege results
in breaches
The study shows that, more than half the
time, these breaches occur due to trusted
users doing inappropriate things for innocent
reasons, with 13% of respondents indicating
it happens ‘often’ or ‘all the time.’ In 18% of
the cases, it’s trusted insiders going rogue and
in 15% of the cases, it’s outsiders gaining
privileged access to steal credentials. In each
case, excessive privileges are to blame.
There are real business costs that result from
breaches. The top costs are lost productivity,
loss of reputation, monetary damages and
compliance penalties.
Privileged Access Management can
facilitate the move to NGTs
Morey Haber, Chief Technology Officer
at BeyondTrust
28
INTELLIGENTCIO
Respondents overwhelmingly indicate
that PAM-related capabilities can improve
security and facilitate a move to NGTs. Top
practices include controlling and governing
privileged and other shared accounts (60%,
59%, respectively), enforcing appropriate
credential usage (59%) and creating and
enforcing rigorous password policies (55%).
In fact, all of the respondents said they
are employing at least one PAM-related
best practice to avoid NGT problems with
privileged access.
How Privileged Access Management
can enable the transformation to
next-generation technologies
To improve security while reaping the
transformative benefits that NGTs offer,
organisations should implement five
Privileged Access Management (PAM) best
practices that address use cases from on-
prem to cloud.
• Discover and inventory all privileged
accounts and assets. Organisations
should perform continuous discovery
and inventory of everything from
privileged accounts to container
instances and libraries across physical,
virtual and cloud environments
• Scan for vulnerabilities and configuration
compliance. For DevOps and cloud use
cases, organisations should scan both
online and offline container instances
and libraries for image integrity
• Manage shared secrets and hard-coded
passwords. Governing and controlling
shared and other privileged accounts
represents one of the most important
tactics organisations can employ to limit
the effects of data breaches resulting
from NGTs
• Enforce least privilege and appropriate
credential usage. Organisations should
only grant required permissions to
appropriate build machines and images
through least privilege enforcement
• Segment networks. Especially important
in DevOps, lateral movement protection
should be zone-based and needs to cover
the movement between development,
QA, and production systems
“It is encouraging to see that organisations
understand the benefits that Privileged
Access Management can deliver in
protecting next-generation technologies, but
there are more best practices to employ,”
said Morey Haber, Chief Technology Officer
at BeyondTrust.
“The survey affirms that security should
be at the forefront of new technology
initiatives, otherwise, organisations can
experience serious financial, compliance and
technological ramifications later on.” n
www.intelligentcio.com