How We Deliver Cloud-ready Zero Trust Privilege
VERIFY WHO: Today, identities include not just people but workloads, services, and machines. Properly ‘verifying who’ means leveraging enterprise directory identities, eliminating local accounts, and decreasing the overall number of accounts and passwords to reduce the attack surface.
CONTEXTUALISE REQUEST: For each access request, it’s important to know why someone (or something) is performing a privileged action. To do this, you must understand the context behind the request, and then review and approve the request based on the context provided.
SECURE ADMIN ENVIRONMENT: When connecting to servers with privileged access, you don’t want to enable malware infection during the session. Privileged access must only be permitted from a “clean” source. Thus, avoid access from user workstations that also have access to the Internet and email, which can be all too easily infected with malware.
GRANT LEAST PRIVILEGE: Grant just enough privilege to get the job done. Provide just-in-time privilege based on temporary access through a simple request process, and limit lateral movement by only granting access to the target resources needed and no more.
AUDIT EVERYTHING: Audit logs are critical for evidence of compliance and are used in forensic analysis. The best practice for privileged sessions is also to keep a video recording that can be reviewed or used as evidence for your most critical assets. Multiple regulations including PCI-DSS for payment card data specifically require this level of auditing.
ADAPTIVE CONTROL: Modern machine learning algorithms are now used to carefully analyse a privileged user’s behaviour and identify anomalous and therefore risky activities. Controls include alerting as well as active response to incidents by killing sessions, adding additional monitoring, or flagging for forensic follow-up.