First and foremost, embracing Dynamic Access requires an identity-based approach to access management. This means that access to systems is defined at the individual or employee level, and access is provisioned based on the needs of that specific individual.
The criticality of this approach cannot be overstated. Without foundationally basing access on what each individual person in your organization needs, it becomes impossible to dynamically adjust access when turnover, role changes, or new technology adoption occurs.
SAMM: Privileged Access Management
Level 2 of the Secure Access Maturity Model is primarily focused on adding additional security measures for the most sensitive accounts. These typically include accounts with admin-level privileges and those with elevated privileges, basically any account that has direct access to sensitive data or settings.
Attributes of Level 2 Access
- Personal-privileged accounts managed by PAM
- Access tends to be “always on”, meaning credentials and accounts are primarily de-provisioned only when an organizational change happens
Privileged Access Management
The main characteristic of Level 2 is the adoption of security measures that ensure accounts with elevated privileges have extra protections. This practice encompasses an entire technology category: Privileged Access Management (PAM).
PAM solutions establish policies and practices that ensure the security of sensitive data through the close management of administrative accounts. The idea is to add additional security layers for those accounts that represent the most risk in the case of a breach. The biggest challenge, however, is that the scope is very narrow—it only helps to protect privileged accounts, and in many cases, a limited set of resources.
Technologies often used as part of Level 2
- Privileged Access Management Tool: your organization has a PAM tool that secures and manages privileged accounts. In some cases, this may include tools that help onboard/offboard users and support audits.
In most organizations, elevated privileges exist beyond admin accounts. This could be a developer or engineer with access to production data, or even marketing teams with access to sensitive customer data. Levels 3 and 4 of the maturity model will help to close this gap.
In fact, it’s possible to skip Level 2 of the maturity model altogether.
Access Lifecycle: Always On
Similar to Level 1 of the maturity model, Level 2 has an “always on” lifecycle for credentials. This is defined as credentials being created when someone joins an organization, or a new technology is adopted, and that credential exists in perpetuity until that individual leaves or the technology is retired.
From Privileged Access to Dynamic Access
PAM has been the gold standard for protecting access for a long time, and the logic makes sense: if you can’t protect everyone or every tool, protect the people and tools that carry the highest risk. But that constraint no longer holds.
Modern organizations must extend protection of access to all employees and all tools. Any less and you’re leaving yourself open to risk.
Traditional PAM environments leave critical gaps in your access management program, including cloud environments and new and modern tools. Dynamic Access Management (DAM) addresses this by providing just-in-time access for every technical employee and every tool in your stack, and by ensuring that every action taken is logged and retained for audits and investigations.
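To make the contrast concrete, here is an added Python sketch (not from the original article or any vendor product) of the two lifecycles side by side: a perpetual “always on” grant that only an offboarding event revokes, beside a just-in-time grant that expires on its own, with every grant, revocation and access decision written to an audit trail. The principals, resource name and timings are constructed for the scenario.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Grant:
    principal: str                   # an individual identity, never a shared account
    resource: str
    expires_at: Optional[datetime]   # None models the Level 2 "always on" lifecycle
    revoked_at: Optional[datetime] = None

@dataclass
class AccessStore:
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # every grant, revoke and access decision

    def _log(self, now, event, principal, resource, detail):
        self.audit.append((now.isoformat(), event, principal, resource, detail))

    def grant_always_on(self, principal, resource, now):
        self.grants.append(Grant(principal, resource, None))
        self._log(now, "grant", principal, resource, "always-on")

    def grant_jit(self, principal, resource, now, ttl):
        self.grants.append(Grant(principal, resource, now + ttl))
        self._log(now, "grant", principal, resource, f"jit ttl={ttl}")

    def offboard(self, principal, now):
        # An organisational change is the only event that ends an always-on grant.
        for g in self.grants:
            if g.principal == principal and g.revoked_at is None:
                g.revoked_at = now
                self._log(now, "revoke", principal, g.resource, "offboarded")

    def check(self, principal, resource, now):
        allowed = any(g.principal == principal and g.resource == resource and g.revoked_at is None
                      and (g.expires_at is None or now < g.expires_at) for g in self.grants)
        self._log(now, "access", principal, resource, "allow" if allowed else "deny")
        return allowed

def simulate():
    # Constructed scenario: two engineers get production-database access at t0.
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store = AccessStore()
    store.grant_always_on("alice", "prod-db", t0)                  # Level 2 lifecycle
    store.grant_jit("bob", "prod-db", t0, timedelta(hours=1))      # just-in-time grant
    result = {"alice_day90": store.check("alice", "prod-db", t0 + timedelta(days=90)),
              "bob_30min": store.check("bob", "prod-db", t0 + timedelta(minutes=30)),
              "bob_2h": store.check("bob", "prod-db", t0 + timedelta(hours=2))}
    store.offboard("alice", t0 + timedelta(days=91))
    result["alice_after_offboard"] = store.check("alice", "prod-db", t0 + timedelta(days=92))
    result["audit_events"] = [e[1] for e in store.audit]
    return result
```

Ninety days after onboarding, the always-on grant still answers “allow” while the one-hour grant has already closed itself; the audit list shows that the only thing ending the perpetual grant was the offboarding event.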