This sponsored post is produced by Todd Peterson, Product Marketing Manager at Dell Software.
Remember Psychology 101 and Maslow’s hierarchy of needs? In a nutshell, the human experience can be summed up in a five-tiered pyramid with the ability to advance to the next level entirely dependent on satisfying the one below it. At the foundation of this are physiological needs (air to breathe, food to eat) followed by safety needs. When safety needs are satisfied, social needs can be addressed, and when those are fulfilled, esteem is next. Last, self-actualization caps the pyramid.
Privileged account management has a similar hierarchy. At the foundation is access, which leads to security, which then enables control. Once control is in place, management follows. Finally, when all other levels are satisfied, the self-actualization of Identity and Access Management (IAM) is governance. Just as we seek self-actualization in our personal lives, technologies are drawn (or often forced) toward governance in a similar way.
Where does security fit into that hierarchy? It’s likely that some systems or user communities are very near the top, with management under control and governance in the works. Other systems, scenarios, or user communities may struggle to maintain access or to secure the access that does exist. For those systems, governance is so far from reality that it’s like the shark circling the drowning man.
One user population that consistently struggles to get out of the lower levels of the hierarchy is the community of privileged or “superuser” accounts and the administrators who must use them every day. When looking at privileged accounts, the various levels of our needs go as follows: granting access to privileged accounts, securing that access, controlling the access, managing privileged access, and finally, governance.
In Maslow-speak, we all want to be self-actualized, but we’re so worried about putting food on the table that we simply can’t get there. Unfortunately, governance is no longer just a nice-to-have; it is demanded by every regulation, every best-practices framework, and every effort to do the best for the ones who write the checks.
The fundamentals of governance
Governance is a fairly esoteric concept, meaning different things to different people. At its core, governance is simply making sure that the right people have the right access at the right time in the right way. Among the foundational concepts that form ideal governance stances are provisioning, roles, and attestation. In order to achieve ideal governance, ask yourself the following questions:
- Provisioning – How do you grant people the access they need as efficiently, accurately, and thoroughly as possible?
- Roles – How do you organize groups of people with common needs or job functions to ensure that provisioning and access rights are not a one-off exercise every time someone needs access?
- Attestation – How do you perform the periodic recertification of access (particularly administrative access) required by virtually every regulation or best-practices framework? Who does the work? Who should do the work? And how do you prevent “best guesses” and “blind attestation”? And above all, how do you prevent these activities from bringing operations to a grinding halt?
While each of these can be done manually on a system-by-system basis, most IT execs do not have the time or desire to tackle governance in such an ad-hoc, inefficient, and error-prone manner. By looking at the hierarchy as a maturity model, here are a few tips to help IT manage privileged accounts:
- Get control under control – Many IT execs address privileged account management pains by finding a tool to provide the control that is missing. The end result is often multiple, disparate tools helping with control that do not address management. Look for tools that provide a unified approach to privileged account management.
- Unify to enable management – Implement one policy set to control access enterprise-wide, one set of roles that drive who can do what and under what circumstances, as well as one interface to cover as much of the privileged account management world as possible.
- Governance is not an afterthought – The typical (and wrong) approach to governance is to perform manual attestations with whatever tools exist, and to use whatever staff happens to know how to use those tools. The result is a colossal drain on efficiency, increased uncertainty, and risk. If governance requirements are considered as control and management are addressed, the path is simple and straightforward.
It’s time for privileged account governance
Imagine how self-actualized organizations would be if control, management, and governance were all addressed with a common technology foundation and a unified set of identities, roles, policy, and processes. Imagine if a provisioning action, performed on day one for a new administrator, completely and accurately granted ALL the access that employees need – administrative and non-administrative – across the entire enterprise with complete visibility and control in the hands of the business.
What if attestation activities were a streamlined process of line-of-business managers simply reviewing a comprehensive dashboard of ALL the rights their employees have (privileged and not) in language they understand? How easy would an audit be then? Consider the implications of built-in separation-of-duties checks that alert all affected parties to any instance where rights (including administrator rights) would raise a compliance or security red flag.
Above all, imagine the implications of enterprise governance that provides unified, comprehensive, and efficient governance across the board – of end user access to applications, access to data, and administrator access to privileged accounts. Wouldn’t it be nice to finally be in control of your audits? It can happen if and when we finally grow up with regard to privileged accounts and administrative access. For more information, see the Dell Software eBook, IAM for the Real World: Privileged Account Management.