5 Best Practices for Securing Next Gen Tech

To improve security while obtaining transformative advantages next-generation technologies offer, financial institutions and other organizations should implement five privileged access management best practices that address use cases from on-premises to cloud.

These suggestions come from Phoenix-based information-security company BeyondTrust’s “2018 Implications of Using Privileged Access Management to Enable Next-Generation Technology Survey,” which surveyed 612 IT professionals in 13 countries in April 2018.

The report cited next-generation, transformative technologies such as artificial intelligence/machine learning and the Internet of Things, and business processes like DevOps as leading to operational efficiencies, greater business agility and cost savings.

“Some organizations are embracing security right off the bat with next gen technologies or secure DevOps or secure IoT. Others are realizing the pain points after the fact,” Morey Haber, CTO at BeyondTrust, noted.

Here are some PAM best practices from BeyondTrust:

1. Discover and inventory all privileged accounts and assets. Organizations should perform continuous discovery and inventory of everything from privileged accounts to container instances and libraries across physical, virtual and cloud environments. This ensures only properly configured and approved images are available and used in an organization’s cloud and DevOps environment.
2. Scan for vulnerabilities and configuration compliance. For DevOps and cloud use cases, organizations should scan both online and offline container instances and libraries for image integrity. This will help securely facilitate a move to DevOps or cloud by improving.
3. Manage shared secrets and hard-coded passwords. “Governing and controlling shared and other privileged accounts represents one of the most important tactics organizations can employ to limit the effects of data breaches resulting from NGT,” the report said. Examples of shared secrets include developer access to source control, DevOps tools, test servers, and production builds.
4. Enforce least privilege and appropriate credential usage. Organizations should only grant required permissions to appropriate build machines and images through least privilege enforcement. This requires first eliminating administrator privileges on end-user machines, securely storing privileged account credentials, establishing a workflow process for check-out, and monitoring privileged sessions.
5. Segment networks. Especially important in DevOps, lateral movement protection should be zone-based and needs to cover the movement between development, quality assurance, and production systems.

Next Steps: “Foundational security layers and best practices discussed in this study are just as valid for next-generation IT as they are today,” the report proclaimed. “In fact, they’re even more valid with the added complexity and pace of change. Organizations interested in securing NGTs must implement these best practices as soon as possible. It’s much easier to plan and proactively secure these initiatives before the migration of workloads and services begin.”