The critical difference is the word “privileged.” Privileged access means the user, wherever they access your network, usually has administrative permission to view or alter important files or systems in your network.
Whenever credentials permit access to sensitive data, that access must be tightly protected, even for an inside user. An external user with privileged access presents significantly more risk to your network.
Secure Remote Access Connection Checklist
Are you confident that your company’s remote access connection is built to provide secure remote access? Use this checklist to determine if your remote access connection is safe enough to protect your business from a third-party data breach.
What Does Good Access Management Look Like?
Carefully consider who should be granted privileged access to your system and network content. Privileged users are often hacker targets. Because they have the keys to your system, compromising a privileged user makes it easier to infiltrate your network.
To mitigate this risk, ensure vendors never have privileged credentials to your network. Third-party remote access should be controlled and monitored while still allowing timely access to necessary systems to perform support tasks.
The first step is making sure the user attempting to access your network is authorized and authenticated. Two-factor authentication should be baked into your access management systems. It demands two independent identity checks that will stifle intruders holding stolen passwords. You want the two factors to authenticate the identity of the user as well as confirm the user has authorized access. Requiring a simple username and password does neither of these.
As discussed, privileged credentials permit users access to sensitive systems. These should never be handed to vendors. Restricted controls are the only way to securely manage third-party remote access. While some third parties may need privileged permissions to support their technology on an enterprise network, sweeping access should not be given. Ensure user accounts aren’t shared and every action is tied to an individual, which helps ensure accountability and compliance.
Advanced logging capabilities are essential to track all activity at a granular technician and user level. Extensive auditing should report the “Who, What, When, and Where” details necessary to maintain compliance.
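The accountability checks described above (individual attribution, a second factor, and complete who/what/when/where records) can be run over a vendor session log. This is an added example, not code from the original page; the JSON-lines format and field names are assumptions, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records (JSON lines); field names are assumptions.
SAMPLE_LOG = """\
{"who": "alice@vendor-a.example", "account": "va-alice", "what": "restart service", "when": "2024-05-01T09:12:00Z", "where": "app01", "mfa": true}
{"who": "bob@vendor-a.example", "account": "va-support", "what": "read config", "when": "2024-05-01T09:40:00Z", "where": "app01", "mfa": true}
{"who": "carol@vendor-a.example", "account": "va-support", "what": "edit config", "when": "2024-05-01T10:02:00Z", "where": "db02", "mfa": false}
{"who": "", "account": "va-batch", "what": "export table", "when": "2024-05-01T11:30:00Z", "where": "db02", "mfa": true}
"""

REQUIRED = ("who", "what", "when", "where")


def audit(log_text):
    """Return (line_number, finding) tuples for records that break the rules."""
    findings = []
    users_per_account = defaultdict(set)  # account -> individuals seen using it
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            # A record that cannot be read cannot be attributed to anyone.
            findings.append((n, "unparseable record"))
            continue
        # Every record must answer who, what, when and where.
        missing = [f for f in REQUIRED if not rec.get(f)]
        if missing:
            findings.append((n, "missing " + ",".join(missing)))
        # A session must carry proof of a second factor.
        if rec.get("mfa") is not True:
            findings.append((n, "no second factor"))
        # One account used by two different individuals is a shared account.
        account, who = rec.get("account"), rec.get("who")
        if account and who:
            seen = users_per_account[account]
            if seen and who not in seen:
                findings.append((n, f"shared account {account}"))
            seen.add(who)
    return findings


if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE_LOG):
        print(f"line {line_no}: {finding}")
```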
Remember, there is a difference between a user on your system and someone with privileged system access to sensitive or valuable data and functions. Make sure you know the difference.