In the ever-evolving workplace, more organisations are moving towards hybrid work models that allow for remote and office-based working. With the increase in remote workers and third parties, attention must be given to securing the remote access methods into IT environments. With more people than ever working outside corporate offices, how they can safely access IT systems while those systems are protected from attack must be a priority.
What is traditional access?
Remote access applies to anyone connecting to the environment from outside the corporate office. For many organisations, the quickest and simplest method is to deploy a VPN (Virtual Private Network). While a VPN can log when a client was connected, those logs do not show which systems were accessed or what was done during the session. Below is a short overview of the common problems with VPNs and security:
- VPNs do not ensure the security profile of the client system, including its software, accounts and password policies.
- Poorly managed clients connecting via VPN can potentially compromise corporate systems with malware.
- VPNs do not support the principle of "least privilege", which limits access to only the necessary systems for only the required duration.
What is PAM?
Because of the risks associated with the traditional method, many organisations have begun to move towards PAM (Privileged Access Management) solutions. By addressing the challenges posed by VPNs, PAM offers simplified and secure remote access while providing detailed audit trails to achieve compliance and satisfy auditors.
How does PAM work?
Privileged Access Management starts by separating remote access from the management of privileged access. Using the PAM UI appliance, a web portal can be exposed for external users to connect to without exposing organisational information. As a result, organisations can securely control and manage user authentication before users even get access to the credentials they will be using. Following this, a secure connection is made to the internal PAM server on behalf of the user, creating an air-gap-style connection in which the user never touches the internal network directly.
What are the advantages of PAM?
Below is a short list of the key benefits of a Privileged Access Management solution:
- Only the PAM UI server is deployed in the DMZ (Demilitarised Zone), so there is no access from outside the business to the PAM server itself.
- The remote user or third party does not need to install any specific client software.
- The user accesses the PAM UI, where authentication takes place before the user can even reach the PAM server.
- Once authorised, the PAM UI opens a secure connection with the internal PAM server to traverse the network zones. There is no need to open RDP or SSH ports anywhere on the perimeter.
- The PAM server then connects the user to the target device using privileged account credentials. Credentials are never passed to the user's workstation, so they cannot be captured there.
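The zoning described in the list above can be checked mechanically. The following is an added example (not Osirium's or Next2IT's code) that encodes the model as a small policy linter: only the portal is reachable from outside, the DMZ host talks only to the PAM server, and SSH/RDP sessions originate only from the PAM server. Host names, the rule sets and the use of port 443 for the portal and the UI-to-server link are assumptions for the example.

```python
from dataclasses import dataclass

# Zones from the architecture above. Host names and port numbers are
# constructed for this example: 443 is assumed for the portal and the
# UI-to-server link; 22 and 3389 are SSH and RDP.
INTERNET, DMZ, INTERNAL = "internet", "dmz", "internal"
ZONE = {"pam-ui": DMZ, "pam-server": INTERNAL, "db01": INTERNAL, "web01": INTERNAL}
ADMIN_PORTS = {22, 3389}  # SSH, RDP: only the PAM server may open these

@dataclass(frozen=True)
class Rule:
    src: str   # INTERNET or a host name in ZONE
    dst: str   # a host name in ZONE
    port: int

def zone_of(name):
    return INTERNET if name == INTERNET else ZONE[name]

def violations(rules):
    """Return one message per rule that breaks the PAM zoning model."""
    found = []
    for r in rules:
        src = zone_of(r.src)
        if src == INTERNET and (r.dst != "pam-ui" or r.port != 443):
            found.append(f"{r}: outside may reach only the PAM UI on 443")
        elif r.port in ADMIN_PORTS and r.src != "pam-server":
            found.append(f"{r}: SSH/RDP may only originate from the PAM server")
        elif src == DMZ and r.dst != "pam-server":
            found.append(f"{r}: the DMZ host may talk only to the PAM server")
    return found

# Constructed rule sets: the intended design, and the same set with three mistakes.
GOOD_RULES = [
    Rule(INTERNET, "pam-ui", 443),       # external users reach only the portal
    Rule("pam-ui", "pam-server", 443),   # portal brokers to the internal PAM server
    Rule("pam-server", "db01", 22),      # PAM server opens SSH to a target
    Rule("pam-server", "web01", 3389),   # PAM server opens RDP to a target
]
BAD_RULES = GOOD_RULES + [
    Rule(INTERNET, "web01", 3389),       # RDP exposed directly to the internet
    Rule("pam-ui", "db01", 22),          # DMZ host bypasses the PAM server
    Rule(INTERNET, "pam-server", 443),   # PAM server reachable from outside
]

if __name__ == "__main__":
    for msg in violations(BAD_RULES):
        print(msg)
```

Running the block prints one line for each of the three bad rules and nothing for the intended design.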
What is the Next2IT Solution?
Here at Next2IT, we work closely with Osirium to secure remote privileged access without exposing any passwords or keys. Osirium can give the user access to a role rather than to an actual privileged account, which achieves least privilege. The accounts users interact with have their credentials and passwords managed automatically by Osirium, ensuring they are changed regularly. Next2IT works with your organisation to deploy PAM, ensuring all configurations are set appropriately for your needs and allowing you to focus on what you do best.