Okta

Looking for Okta Logos?

You can find all the media assets you need as part of our press room.

Download Media Assets

How Companies Need to Set Up Privileged Access Management

Daniel Lu
Product Marketing Manager, Single Sign-On

Let’s face it—your network is under attack. You might not know who, you might not know when, but you do know that they are coming.

The Petya ransomware, WannaCry, and Democratic National Committee email hacks all point to the fact that network security breaches are here to stay. A large breach of sensitive information (like the ones at Target and Sony) is a worst nightmare situation for anybody in charge of security for his or her enterprise. Attacks like these are the reason network security needs to be a top priority for every business.

What are the security implications of Privileged Access Management (PAM)?
External attackers and malicious insiders are after your privileged account credentials. If an attacker were to get access to privileged superuser accounts, such as those granted to system administrators or CIOs, they would have complete access to your enterprise. They would be able to access your customer and client information and company data. With complete superuser access, it would be easy for them to cripple your organization.

Privileged Access Management (PAM) is used to protect these superuser accounts through the concept of Just-Enough-Access. Okta provides state-of-the-art defense against unauthorized permission, which is your key defense against attackers and malicious insiders.

What’s the best way to set up PAM?
Privileged users face the same problems other users do when it comes to security: it needs to be easy for them to access the tools they need, but extremely difficult for anyone else.

Innovative companies steer away from manual, siloed processes and invest in solutions that are:

  • Adaptable. Access should only be permitted at the times when it’s needed, and it should be easy to change permissions or revoke access after a certain length of time.
  • Password-free. A single password is not sufficient to protect a privileged account. Adaptive MFA is a much safer approach.
  • Streamlined. It should be easy to see and manage permissions across systems.
  • Traceable. Privileged users shouldn’t be able to conceal their actions. Your PAM setup should enable internal or external auditors to view the history of any privileged user.

How can Okta help secure your IT infrastructure with PAM?
Many IT managers will admit that their system has a weakness when it comes to permissions. This problem gets worse quickly when a company is growing, and permissions creep makes it hard to keep track of who has access to what.

Lifecycle Management
Take back control of your permissions with Lifecycle Management. You can see who has access to what tools at any time. Use it with your existing Active Directory setup or work with Okta’s Universal Directory. Either way, you’ll get an at-a-glance view of permissions across all your domains. When users come and go, you’ll have full visibility into the tools they have and can grant or terminate access as needed—all in one place.  

If you need to grant temporary access to a third party, it allows you to ensure that they only have access to what they need, and you can easily revoke those permissions afterwards.

Adaptive Multi-Factor Authentication
As we’ve mentioned, passwords alone are not sufficient security—especially when it comes to superusers and other privileged users. Adaptive Multi-Factor Authentication secures the perimeter safely but flexibly. Contextual access policies give you complete control over who can access what, and when.

For your highest-level permissions, Okta allows you to set exactly what parameters are required for a certain action.

For example, permission to change an employee’s salary information could be safeguarded by not only restricting it to specific users, but also to a certain physical location. Or, production orders could be safeguarded by requiring a certain group of users to not only log in with user credentials, but also authenticate by voice or SMS.

Privileged users are a necessity in any organization. However, they’re also a security liability. Every day, over five million records are compromised as a result of data breaches. Secure your privileged users today by starting your free trial of Okta.
 

 
Daniel Lu
Product Marketing Manager, Single Sign-On

Daniel Lu is a Product Marketing Manager at Okta focused on Okta’s Single Sign On product. He’s responsible for growing the Single Sign On business and takes every opportunity to discuss why Okta has the best Identity and Access Management platform in the market. Daniel has focused his career on scaling great businesses. Prior to Okta, Daniel was part of business strategy at Adobe and before that, he co-founded a golf company.

Daniel holds an MBA from Northwestern University and a BS in Electrical Engineering from University of California, Davis. He’s a rare Bay Area native and currently lives in San Francisco. When he can, Daniel tries to make time for international travel, new restaurants, and exercise.