Intelligent CIO Middle East Issue 33 | Page 28

TRENDING (PAM), affect the adoption of NGTs, BeyondTrust surveyed 612 IT professionals. DevOps has reached mainstream: AI and IoT not far behind The survey found broad interest in NGTs, with the most common being Digital Transformation (DX), DevOps and IoT. IT reports these NGTs are important for organisations, with 63% saying DX will have a somewhat to extremely large impact on their organisation, followed by DevOps (50%), AI (42%) and IoT (40%). Significant movement towards the cloud The survey also found that cloud transformation is accelerating. Respondents indicate that 62% of workloads are on-premises, with 15% in a public cloud, 11% in private clouds and 8% in SaaS applications. Over the next three years that is projected to dramatically change on- premises drops to 44%, public cloud jumps to 26%, private cloud increases to 15% and SaaS increases to 12%. One in five respondents experienced five or more breaches related to NGTs Security issues, as a result of NGTs, happen at an alarming rate. A total of 18% of respondents said they had a breach related to NGTs in the last 24 months that “ THE TOP COSTS ARE LOST PRODUCTIVITY, LOSS OF REPUTATION, MONETARY DAMAGES AND COMPLIANCE PENALTIES. resulted in data loss, 20% experienced a breach that resulted in an outage and 25% saw breaches over that time period that triggered a compliance event. One in five survey respondents experienced five or more breaches. Too much privilege results in breaches The study shows that, more than half the time, these breaches occur due to trusted users doing inappropriate things for innocent reasons, with 13% of respondents indicating it happens ‘often’ or ‘all the time.’ In 18% of the cases, it’s trusted insiders going rogue and in 15% of the cases, it’s outsiders gaining privileged access to steal credentials. In each case, excessive privileges are to blame. There are real business costs that result from breaches. The top costs are lost productivity, loss of reputation, monetary damages and compliance penalties. Privileged Access Management can facilitate the move to NGTs Morey Haber, Chief Technology Officer at BeyondTrust 28 INTELLIGENTCIO Respondents overwhelmingly indicate that PAM-related capabilities can improve security and facilitate a move to NGTs. Top practices include controlling and governing privileged and other shared accounts (60%, 59%, respectively), enforcing appropriate credential usage (59%) and creating and enforcing rigorous password policies (55%). In fact, all of the respondents said they are employing at least one PAM-related best practice to avoid NGT problems with privileged access. How Privileged Access Management can enable the transformation to next-generation technologies To improve security while reaping the transformative benefits that NGTs offer, organisations should implement five Privileged Access Management (PAM) best practices that address use cases from on- prem to cloud. • Discover and inventory all privileged accounts and assets. Organisations should perform continuous discovery and inventory of everything from privileged accounts to container instances and libraries across physical, virtual and cloud environments • Scan for vulnerabilities and configuration compliance. For DevOps and cloud use cases, organisations should scan both online and offline container instances and libraries for image integrity • Manage shared secrets and hard-coded passwords. Governing and controlling shared and other privileged accounts represents one of the most important tactics organisations can employ to limit the effects of data breaches resulting from NGTs • Enforce least privilege and appropriate credential usage. Organisations should only grant required permissions to appropriate build machines and images through least privilege enforcement • Segment networks. Especially important in DevOps, lateral movement protection should be zone-based and needs to cover the movement between development, QA, and production systems “It is encouraging to see that organisations understand the benefits that Privileged Access Management can deliver in protecting next-generation technologies, but there are more best practices to employ,” said Morey Haber, Chief Technology Officer at BeyondTrust. “The survey affirms that security should be at the forefront of new technology initiatives, otherwise, organisations can experience serious financial, compliance and technological ramifications later on.” n www.intelligentcio.com