Zero Trust Based Privileged Access Management
Securing access to those that need it, when they need it!
Ensuring secure and appropriate access to IT resources and data is a broad and complex subject which is addressed within the Frontier Data Security and Management Framework.
Most organisations will have mature and well-understood platforms such as multi-factor authentication, password vaults and perhaps also Privileged Access Management (PAM). PAM ensures that users such as system admins, who often hold the “keys to the kingdom” with open access to key systems and confidential information, have access only to the systems they need, at the time they need it, to fulfil their role.
Why Do You Need Zero Trust Privilege?
This diagram shows the differences between traditional privileged access management solutions and Frontier’s cloud-ready zero trust privilege approach:
How We Deliver Cloud-ready Zero Trust Privilege
Leverage enterprise directory identities for verification to eliminate local accounts and decrease the number of accounts and passwords, reducing the attack surface.
For each access request, it’s important to understand the context behind the request, and then review and approve the request based on the context provided.
Connections to servers with privileged access must only be permitted from a “clean” source, avoiding access from workstations that can be easily infected with malware.
GRANT LEAST PRIVILEGE
Just-enough, just-in-time privileges, based on a temporary access request process, limit lateral movement by granting access only to the target resources.
Audit logs are critical for evidence of compliance and are used in forensic analysis. Multiple regulations, including PCI-DSS, specifically require this level of auditing.
Machine learning algorithms are used to analyse, monitor, and flag a privileged user’s behaviour and identify anomalous and risky activities.
Andy Smith; Vice President of Marketing at Centrify in InfoSecurity 2019
Zero Trust Based Privileged Access Management For Hybrid IT Infrastructure