Data is the most essential asset of any organization. With the amount of data growing daily, it is becoming very difficult for an organization to manage it efficiently. Advances in technology have given hackers tools and techniques with which they can carry out a breach without being noticed. In another scenario, a person holding unwanted privileges on important roles can carry out malicious activities without being noticed.
Forrester, one of the most credible sources of industry research, estimates that around 80% of data breaches involve compromised privileged credentials. Despite its importance, this issue was neglected for years until Microsoft released Privileged Identity Management (PIM). Privileged Identity Management is a tool through which superusers can efficiently manage the privileges given to each user. It is recommended not to have many superuser/administrator accounts, since each additional one weakens the security of an organization. The main goal of a hacker is to gain access to privileged identities and perform malicious activities; hence 2 or 3 administrator accounts are enough. Minimizing the number of users with privileged access to important information reduces the chance of any external or internal actor gaining access to it.
Privileged Identity Management provides an organization with the following important features, which in turn minimize the chances of security leaks.
1. Just-in-time and time-bound privileged access: The user is given special permission for a given time frame, and when the specified time expires the permissions are revoked automatically. The best practice is to set the time frame to 4 hours maximum; if the user needs more time, they can request an extension.
2. Proper approval system for the required privileges: Access is given to the user only after a proper approval procedure, i.e. the user must justify the need for that privilege and approval must be granted by the assigned staff. It is recommended to give approval rights to non-technical staff when a technical person requires permission, and vice versa.
3. Multi-factor authentication: After approval, the user can exercise those permissions only after verifying their account through multi-factor authentication.
4. Notification system: When privileged roles are activated, the administrator is notified by email.
5. Audit history: The audit history is available to the administrator, who can check the privileges and activities of a user at any time.
There are 2 types of roles that can be managed by Microsoft Azure PIM:
1. Azure AD roles: These include all the roles in Azure Active Directory, such as Global Administrator, Security Administrator, Exchange Administrator, etc.
2. Azure roles: These are the built-in Azure roles that carry permissions on particular resources, such as Contributor, Reader, etc.
We can also create custom roles for our organization and then grant them to users.
- Log in to the Azure portal with the administrator account.
- Go to Azure Active Directory -> Properties and turn on Access Management for Azure Resources.
- Now search for Privileged Identity Management from the search bar.
- Go to Settings and edit the role's assignment settings first:
- Set the maximum duration to 4 hours (best practice).
- Set "On activation, require" to Azure MFA.
- Select the people who will approve the assignment.
- Configure all other settings as you require.
- Then, on Quick start, click Assign eligibility; you will be directed to Roles.
- Click Add assignment.
- Select the role from the drop-down menu and the member you want to assign that role to.
- Click Next and uncheck the Permanently eligible checkbox.
- Click the Active radio button to enter the justification for the assignment.
- Select the date and time duration of the assignment.
- Click Save.
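The feature list above and the portal steps just walked through come down to a handful of role settings: a 4-hour activation cap, MFA and a justification on activation, approval by assigned staff, and no permanent eligibility. As an added example (not from the original post and not Microsoft's code), the Python below checks a role's PIM rule set against those recommendations; the rule objects are constructed samples modelled on the rule ids and fields of a Microsoft Graph unifiedRoleManagementPolicy, which is an assumption to verify against an export from your own tenant.

```python
import re

# Best-practice thresholds from the article: activations capped at 4 hours, MFA and a
# justification on activation, approval by assigned staff, and no permanent eligibility.
MAX_ACTIVATION_HOURS = 4.0

def iso_duration_hours(duration):
    """Convert an ISO 8601 duration such as 'PT4H', 'PT30M' or 'P1D' to hours."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?)?", duration)
    if not m:
        raise ValueError(f"unsupported duration: {duration}")
    days, hours, minutes = (int(x) if x else 0 for x in m.groups())
    return days * 24 + hours + minutes / 60

def audit_pim_policy(rules):
    """Return findings for a role's PIM rules that deviate from the article's best practices.
    `rules` mimics the rule objects of a Graph unifiedRoleManagementPolicy (an assumption)."""
    by_id = {r["id"]: r for r in rules}
    findings = []
    exp = by_id.get("Expiration_EndUser_Assignment", {})  # activation duration rule
    if not exp.get("isExpirationRequired"):
        findings.append("activation has no expiry")
    elif iso_duration_hours(exp.get("maximumDuration", "PT0H")) > MAX_ACTIVATION_HOURS:
        findings.append(f"activation limit {exp['maximumDuration']} exceeds PT4H")
    enabled = set(by_id.get("Enablement_EndUser_Assignment", {}).get("enabledRules", []))
    for required in ("MultiFactorAuthentication", "Justification"):  # on-activation checks
        if required not in enabled:
            findings.append(f"activation does not require {required}")
    approval = by_id.get("Approval_EndUser_Assignment", {}).get("setting", {})
    if not approval.get("isApprovalRequired"):
        findings.append("activation does not require approval")
    if not by_id.get("Expiration_Admin_Eligibility", {}).get("isExpirationRequired"):
        findings.append("permanent eligible assignments are allowed")
    return findings

# Constructed sample: a Global Administrator role policy still at permissive defaults.
WEAK_POLICY = [
    {"id": "Expiration_EndUser_Assignment", "isExpirationRequired": True, "maximumDuration": "PT8H"},
    {"id": "Enablement_EndUser_Assignment", "enabledRules": ["Justification"]},
    {"id": "Approval_EndUser_Assignment", "setting": {"isApprovalRequired": False}},
    {"id": "Expiration_Admin_Eligibility", "isExpirationRequired": False},
]
# Constructed sample: the same policy tightened to the settings the article recommends.
HARDENED_POLICY = [
    {"id": "Expiration_EndUser_Assignment", "isExpirationRequired": True, "maximumDuration": "PT4H"},
    {"id": "Enablement_EndUser_Assignment", "enabledRules": ["MultiFactorAuthentication", "Justification"]},
    {"id": "Approval_EndUser_Assignment", "setting": {"isApprovalRequired": True}},
    {"id": "Expiration_Admin_Eligibility", "isExpirationRequired": True},
]
```

Running `audit_pim_policy(WEAK_POLICY)` returns four findings (8-hour cap, no MFA, no approval, permanent eligibility allowed), while the hardened policy returns none.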
Unmanaged privileged identities can be exploited by both insiders and external attackers. If they are not monitored, held accountable, and actively controlled, malicious insiders, including system administrators, can steal sensitive information or cause significant damage to systems. Hence, it is necessary for organizations to use this excellent tool provided by Microsoft Azure. Although Amazon and GCP also provide this kind of service, right now Azure is the most efficient player in the market providing quality services in this field.