To start the journey to privileged cloud access, keep these considerations in mind:
» Define access: Business functions rely on data, systems, and access, and dependencies on these entities vary from one organization to another, so make sure to define your privileged cloud access.
» Develop IT cloud access policies: The organization should have a policy that details acceptable use and responsibilities for privileged cloud accounts. A working understanding of who has privileged access and when it's being used is vital.
» Use a risk register: Use a risk register as part of your IT cloud access policy that requires any new cloud application to register the data impact risk along with the privileged access management (PAM) matrix questions.
» Discover privileged accounts: Automated PAM software identifies the privileged accounts, implements continuous discovery to curb privileged account sprawl, identifies potential insider abuse, and reveals external threats.
» Understand business users' privileged access: All access is becoming privileged, whether it's due to the level of access of the account or the access users have to sensitive company data.
» Protect passwords: Verify that the solution can automatically discover and store privileged accounts; schedule password rotation; audit, analyze, and manage individual privileged session activity; and monitor accounts to quickly detect and respond to malicious activity.
» Limit IT admin access: Develop a least-privilege policy to enforce least privilege on endpoints and to limit IT admin access to cloud applications without disrupting business operations.
» Monitor and record sessions: The PAM solution should monitor and record privileged account activity, which helps enforce proper behavior and avoid mistakes by users. Audit, record, and monitor privileged activities to assist with regulatory compliance.
» Detect abnormal usage: Visibility into the access and activity of the privileged accounts in real time helps catch suspected account compromise and potential user abuse. Track and alert on user behavior. Early detection of security incidents significantly reduces the cost of a data breach.
» Respond to incidents: Include privileged access in the incident response plan in case an account is compromised. Simply changing privileged account passwords or disabling the privileged account isn't adequate when a privileged account is breached.
» Audit and analyze: Continuously monitoring privileged account usage via audits and analysis reports helps identify unusual behaviors that may indicate a breach or misuse.