Sometimes employees or contractors need temporary privileged access to business applications to troubleshoot a problem, respond quickly to a business issue or perform administrative functions. These are instances of “exceptional access” that fall outside the user’s typical job role or responsibilities and require detailed audit reporting to ensure access is granted, approved and revoked in compliance with company policies so activities such as performing application configuration changes or data loads and mass edits / deletions don’t jeopardize company assets.
Examples of temporary privileged-user access include:
- Employees that need access to post journal entries to assist with the close of the fiscal quarter in order to meet SEC reporting deadlines
- Employees in the accounts payable role that need permissions to pay vendor invoices and post invoices for payment, due to staffing shortages with personnel out on leave
- Contractors that need temporary access to update information in the HR system where highly sensitive information on employees resides
- Developers that require access to the ERP production system to troubleshoot a performance problem.
In these instances when “exceptional access” is required, businesses have several challenges:
- Access is needed ASAP and should be terminated as soon as the issue is resolved
- Users with privileged access could alter or delete data to commit fraud, disrupt business or damage reputation; or expose sensitive employee, customer or proprietary information
This is where Privileged Access Management (PAM) comes in. A PAM solution helps secure, control and monitor access to an organization’s critical information and resources by privileged users. The implementation of a PAM strategy is becoming a critical component of a company’s identity and access management strategy. That’s because 74% of IT decision makers who experienced a breach said it involved privileged access credential abuse, according to a new report in Forbes magazine. This is such a critical area to an organization that Gartner listed privileged access management as the top security project for the enterprise.
The majority of PAM solutions centralize privileged credentials in one place promises tighter security, but the reality is that it leaves too many gaps. There is a critical need to have PAM implemented at the individual application level, otherwise companies continue to put the enterprise at risk when managing privileged users. PAM for applications enables a company to automate the provisioning and deprovisioning of privileged users for a timely process that doesn’t disrupt the business. You’re able to monitor everything that a privileged user is doing and receive real-time alerts if there is suspicious activity. In addition, you’ll be able to view audit trails of all change actions while simplifying audit preparation & reporting.
Keep in mind that privileged users who are intent on performing nefarious acts, along with hackers who are intent on stealing privileged user credentials, are focused on the application, not the enterprise. That’s why it’s more critical than ever to implement PAM at the application level.