Access governance, a control tower for PAM
Extracts from the feature by Jacques Cheminat in Mag-Securs, written with the contribution of Kleverware.
Here you can find the complete article: https://www.mag-securs.com/dossiers/artmid/1892/articleid/5105/droit-d%E2%80%99acces-et-comptes-a-privileges.aspx
«Equifax, Deloitte, Uber: recent data breaches usually involve different hacking methods but have one thing in common: they aim to gain access to critical applications such as databases, client bases and bank details.
Generally, these applications are subject to authorization and attached to privileged accounts.
Their protection is a real requirement in a world increasingly open and unsafe.
The scatterplot representation of the subject of access rights and privileged accounts is very dense.
PAM (Privileged Access Management), access governance, proxy, bounce server, SSH, RDP, bastion host, password manager, discovery, log management and end-to-end encryption make up a non-exhaustive list of the terms used.»
The article offers a fairly complete description of PAM solutions and then expands on how access governance solutions complement them:
«If the two central elements in the management of access rights and privileged accounts are the bastion host and the log manager, we have to remember the complementary solutions: access governance and data rooms […]»
To ensure the efficiency of this audit, a mapping is necessary. « We extract data from the information system at a granular level, from human resources, partner access, databases and directories (Active Directory, LDAP). Finally, we make an inventory of access rights », explains Arnaud Fléchard, CTO of Kleverware, and French specialist in access governance. He adds, « This work gives a view of all sensitive and critical rights and helps with the distribution of tasks ». The IAG (Identity and Access Governance) offerings serve to control access rights and are a complement to PAM or IAM solutions. »