Security or Efficiency? Why Not Have Both?
A lot is being written about information security; opinions, suggestions, surveys, even conspiracy theories roam around, and news on a prominent organization’s data breach make headlines more often than ever, these days. It is not that people are just catching on to the significance of security and have recently become aware of the consequences. Instead, it’s the new and more accurate perception towards security that is on the move, let’s say, for the better. Let’s face it, it is often easier to just let sleeping dogs lie. However, more and more people are beginning to realize that the dogs have woken up and countless organizations have been bitten quite severely or at least barked at. When CIOs and CISOs are asked, “Is IT security important?”, they all answer “Of course!”. However, what they say and what they do (security practices are at the bare minimum) do not match!
While everyone is caught up on discussions like what should or should not be done for improved protection, very few try to understand what causes this mismatch. One theory focuses on the ease of use of the many security product offerings that exist in the market today, in other words; operational efficiency. There are big brains and competent engineers behind the advanced tools that keep “intruders” out, who, more often than they should, overlook the abilities of the people who get their hands on their products, thus raising the subject of Privileged Access Management (PAM). In this article, we will address PAM tools that are designed to secure environments that require a high level of human interaction, as they are designed to control and monitor which privileged users (admin, roots, dbas etc.) can access which critical endpoints and perform what commands, exactly when and where. The achievement of this multi-layered structure may sound complicated. However, every product tackles or approaches the operational processes from a different angle. Let’s examine the following scenario:
Your organization has tens of thousands of endpoints, accessed by hundreds of privileged users on a daily basis. One way of managing this process is to install an agent on every device, which makes the initial deployment highly burdensome and even more complicated over the long term, as the agents themselves have to be managed and kept up-to-date. On the other hand, a native proxy that establishes secure connections and does not require an agent to be installed, allows for a more user friendly product, without performance degradation.
On this same note of usability, onboarding tens of thousands of endpoints onto the system is a painful process. Imagine what it would be like if there was an auto-discovery feature based on, let’s say, the ability to discover and onboard any number of devices on a subnet, and automatically assign discovered devices to the relevant groups. However, for dynamic network segments with many join-and-leave operations, the story does not end here, and users must keep their inventory up-to-date at all times. So, they continue to imagine the same tool scanning the subnet, looking for any physical changes to the inventory and reflecting it within the PAM inventory, based on pre-defined time intervals.
In the same scenario, IT professionals have daily habits accessing target systems, using clients such as SecureCRT, Putty, MobaXtreme, etc. If a new product is introduced intending to prevent mistakes and misuses, an entire team must be asked to change their habits. One could expect resistance, which could lead to additional issues, i.e. shadow IT, work-arounds, etc. However, if the new PAM solution does not change those habits, one can cross this concern off their list.
You’ve probably guessed by now that there is indeed a PAM solution that emphasizes operational efficiency and does not make its users turn against it. With its agentless structure, auto-discovery tool and its ability to support native clients for connections, making for a very short learning curve and a very smooth integration, Kron’s Single ConnectTM has taken this approach from the very beginning.
Finally, the Privilege Task Automation tool’s feature-set is entirely integrated with the rest of the modules enabling your users to create dynamic workflows, write scripts on a graphical interactive interface, and be very specific with policies for particular users with its pre and post action check mechanism. If you’re interested in implementing a PAM solution to mitigate risk, reduce the likelihood of human error, increase efficiency and improve security, you need a tool that automates these processes for you, including the portions that still require human interaction by allowing your users to interact with PAM in a way that does not create an additional burden. Don’t we all have enough responsibilities already?