In an effort to reduce costs, free up staff, and acquire skills they don’t have in-house, IT organizations are outsourcing more and more of their operations. However, outsourcing can create a significant security risk: the proliferation of privileged credentials. As the number of privileged credentials increase, the risk of unauthorized access and data breaches also increase. Fortunately, a single identity platform can help IT organizations reduce these vulnerabilities.
Research by Forrester shows that 100% of organizations outsource at least one IT function and at least one application development function. In addition, 97% of them permit privileged remote access to employees and outsourced vendors. The result, according to Forrester, “is a multitude of identities that require privileged access, challenging IT decision-makers. And with so many identities demanding privilege, organizations are inconsistent in how they designate privilege across accounts.”
Organizations use a variety of methods to provide service providers with privileged access. The most common include Virtual Private Networks (VPN), virtual desktop infrastructure, web application gateways, and hosted file sharing. But each of these has drawbacks for enabling privileged access. For example, a VPN establishes an encrypted tunnel between a remote endpoint and the internal network, thereby protecting traffic as it moves across the public Internet. However, a VPN does not sufficiently limit privileged access to the resources on the private network.
Using multiple access methods also creates problems for IT organizations: This approach increases both the operational overhead and the complexity of the environment. This, in turn, increases the risk of human error. What’s more, the fact that these are privileged accounts adds risk, as IT administrators who access critical resources such as servers and network devices are a common attack point. Attackers know that these accounts provide direct access to valuable assets.
Fifty-three percent of decision-makers surveyed by Forrester recognize there’s a better way to enable privileged access credentials: Using a single identity platform. A single identity platform integrates identity management for all users and resources, and leverages multi-factor authentication (MFA) to strengthen access security. It offers a centralized approach to managing the identities across the cloud, mobile, and on-premises data center.
Centralized identity platforms such as Centrify’s are purpose-built to protect both end-user and privileged user identities, enabling IT organizations to protect all users and resources with a single solution. This integration, along with one consistent set of authentication policies, helps eliminate security gaps, and reduce costs and complexity.
Shared identity services layered on top of a unified identity platform also help protect privileged credentials. For example, a platform can reinforce secure access with MFA for server login or privilege escalation. By adding a second authentication factor requirement to security policies, attackers are unable to gain privileged access without the physical device or email address needed to complete the authentication process.
Outsourcing plays an important role in today’s IT organizations. A unified identity platform allows IT organizations to pursue this strategy while also protecting their critical assets from attack or breach.
For more information, click here.