BeyondTrust has announced the results of the 2018 Implications of Using Privileged Access Management to Enable Next-Generation Technology Survey.
The survey shows that 90 percent of enterprises are engaged with at least one next-generation technology (NGT), such as cloud, IoT or AI.
Yet, while enterprises are optimistic about the business benefits these technologies can bring, they also have concerns about the risks, with 78 percent citing the security risks of NGTs as somewhat to extremely large. One in five respondents experienced five or more breaches related to NGTs. Excessive user privileges were implicated in 52 percent of breaches.
The study highlighted that next-generation, transformative technologies such as AI/Machine Learning and IoT, and business processes like DevOps are leading the way to a bright future full of operational efficiencies, greater business agility, and cost savings. Yet, there is also a dark side to these NGTs: security vulnerabilities.
It found broad interest in NGTs, with the most common being Digital Transformation (DX), DevOps and IoT. IT reports these NGTs are important for organisations, with 63 percent saying Digital Transformation (DX) will have a somewhat to extremely large impact on their organisation, followed by DevOps (50 percent), AI (42 percent), and IoT (40 percent).
Cloud transformation is accelerating, said the study. Respondents indicate that today, 62 percent of workloads are on-premises, with 15 percent in a public cloud, 11 percent in private clouds, and eight percent in SaaS applications. Over the next three years, that is projected to dramatically change—on-premises drops to 44 percent, public cloud jumps to 26 percent, private cloud increases to 15 percent, and SaaS increases to 12 percent.
BeyondTrust also noted that one in five respondents experienced five or more breaches related to NGTs and excessive user privileges were implicated in 52 percent of breaches.
“It is encouraging to see that organisations understand the benefits that Privileged Access Management can deliver in protecting next-generation technologies, but there are more best practices to employ,” said Morey Haber, Chief Technology Officer, BeyondTrust.
“The survey affirms that security should be at the forefront of new technology initiatives, otherwise, organisations can experience serious financial, compliance, and technological ramifications later on.”
To improve security while reaping the transformative benefits that NGTs offer, organisations should implement five privileged access management (PAM) best practices that address use cases from on-prem to cloud.
- Best Practice #1: Discover and inventory all privileged accounts and assets. Organisations should perform continuous discovery and inventory of everything from privileged accounts to container instances and libraries across physical, virtual, and cloud environments.
- Best Practice #2: Scan for vulnerabilities and configuration compliance. For DevOps and cloud use cases, organisations should scan both online and offline container instances and libraries for image integrity.
- Best Practice #3: Manage shared secrets and hard-coded passwords. Governing and controlling shared and other privileged accounts represents one of the most important tactics organisations can employ to limit the effects of data breaches resulting from NGTs.
- Best Practice #4: Enforce least privilege and appropriate credential usage. Organisations should only grant required permissions to appropriate build machines and images through least privilege enforcement.
- Best Practice #5: Segment networks. Especially important in DevOps, lateral movement protection should be zone-based and needs to cover the movement between development, QA, and production systems.