IT-security Topics

Privileged Account Management: Are we in control?

Privileged accesses are key to an organisation’s most precious assets, and a frequent target for attackers

Challenges

Are we in control over who has privileged access to which IT systems?

PAM (Privileged Access Management) refers to the tools and technologies used for monitoring, administering and securing privileged credentials to IT systems. Getting in control of privileged credentials is a highly prioritised area for any organisation that aims for a strong cybersecurity posture, as potential misuse of these accesses poses a tremendous security risk for organisations.

Privileged or elevated access enables users to access critical business information, or to perform administrative actions that can impact the operations of the business, e.g. shutting down systems or changing configuration settings on the network. Privileged accounts are accounts that can be used to leverage privileged access. Examples of privileged accounts include local administrative accounts, service accounts, application accounts, or Active Directory or Windows domain administrative accounts.

A central principle of PAM is the ’least privilege access’, i.e. access should be granted to the minimum extent possible to perform required business activities. Management of privileged access should ideally be performed using a PAM solution, which stores privileged credentials in a secure vault, as well as ensuring that access to these credentials is monitored and audited according to defined policies. Implementing a PAM tool and strong supporting processes helps organisations tackle some of these typical challenges:

  • Lack of an overview of privileged accounts within an organisation

  • Passwords to privileged accounts are not stored securely and changed frequently

  • Privileged accounts are often shared between multiple people, further increasing the difficulty of monitoring them

  • Potential catastrophic consequences of an attacker taking control over privileged access.

We have extensive experience in consulting and implementing how to secure and streamline IT operations to harden the defence against cyber threats. We help our clients to determine and implement the right controls, processes and tools to increase cybersecurity within the organisation.

Why Deloitte?

Awarded market leaders

We strive to continuously lead the market in the area of cyber risk and security services. We are awarded and acknowledged by some of the most renowned institutions within the area of cyber, e.g. Gartner, ALM Intelligence and Forrester. In 2020, we were named global leader in Security Consulting Services for the 9th year in a row by Gartner.

Leading-edge technologies

We are committed to investing in innovation and emerging technologies to ensure that we are equipped with the latest tools to solve current and future challenges for our clients. Alliances with market-leading cyber vendors and groundbreaking startups around the world offer our clients access to a wide range of cyber-risk technologies and leading-edge technology innovation.

Global intelligence delivered locally

We have the largest professional services network in the world. Diversity across our cyber teams helps us work across the globe with a local and personal lens. We have over 8,600 dedicated cyber-risk service practitioners of which 1,300 are dedicated to Europe and the Middle East alone, ready to help our clients everywhere with any challenge.

End-to-end cyber-risk services

We cover every aspect of cyber risk — from advisory and implementation of strategic transformations to managed security services, product solutions and incident management. This enables us to deliver more resilient and silo-breaking solutions, taking the whole business chain into account. This helps our clients to leverage their potential and growth even more.

Reach out

If you would like to know more about how to increase cybersecurity with Privileged Account Management, contact our experts below.

Christian Schmidt

Director

Michael Møller Kristensen

Manager