The physical location of users matters less and less in how we conduct business. A 2019 study showed that 62% of people surveyed worked from home at least part of the time. In the same study, 82% of those who worked remotely at least part of the time reported that they planned to either maintain or increase their level of remote work. Further, more than half (51%) of those who did not do any remote work wanted to start.
Despite the environment that we find ourselves in today, with a significant, yet temporary, uptick in remote employees, it’s still highly likely that the number of part-time or even permanent remote workers will continue to increase.
One thing to keep in mind is that these figures don’t take into account the number of remote vendors who function like employees by performing essential tasks for the company. These users often need access to critical systems the same way an employee does. Of course, with greater flexibility for workers come greater security risks. To provision access, organizations often rely on insecure and inefficient methods, typically using VPNs to provide secure access.
However, not all remote workers’ privileges are created equal. Some may require access to just email and a smattering of business applications, while others may need access to critical business applications like payroll, HR and sales and marketing data. External IT service providers performing outsourced help desk support require the same broad access as internal IT providers.
Today, we’ll identify the top five types of remote workers who often require elevated privileges to systems and discuss how privileged access management (PAM) with CyberArk Alero can help organizations provide secure and easy access to critical systems managed by CyberArk.
1. Remote IT or Security Company Employees
These users include people like domain admins, network admins and others who typically access critical internal systems from inside the office but may now have to do it remotely. When IT or security staff work from outside the office walls, it throws a wrench into security administrators’ day-to-day.
Identifying the precise levels of access needed by remote IT and security employees and implementing least privilege rights to ensure that they’re only accessing what they need is critical. Traditional solutions like VPNs can’t provide the necessary level of granular, application-level access to do this effectively. Assigning this kind of granular access is important as it helps prevent situations like a Windows admin having access to root accounts.
The integration of security tools with the directory service, which provides automated, specific access, needs to be set up ahead of time so that, in the event of an unplanned spike in remote work, there’s no gap in IT or security functions while secure conditions for working from home are established.
2. Third-Party Hardware and Software Vendors
Third-party vendors for hardware and software, including IT service providers and contracted help desk support, often provide remote services and maintenance that require elevated privileges. These types of vendors would typically require admin-level access to perform tasks on a variety of Windows or Linux servers or databases and are called on to perform patching, system updates and more.
They each essentially act as domain-level administrators and, thus, can wreak havoc on the environment if not properly monitored and provisioned. However, identifying these users and accounting for their individual levels of remote vendor access is usually done on a case-by-case basis by administrators, which can take an abundance of time. It’s important to make sure that all of these users are identified and have the correct access provisioned.