Author: Carol Caley, PMM, Xage Security
Here at Xage, we know there’s a growing demand to allow users to remotely access environments with the high privileges necessary to tap into sensitive resources and do increasingly business-critical work. Businesses are poking holes in defenses to get benefits like increased efficiency and access to a broader, global workforce. Tapping into third-party expertise, or taking advantage of software vendor support and services by allowing outsiders to remotely access critical networks, is also driving both business value and added risk. Those advantages come with increased cybersecurity threat, as attackers often use remote access tools as an attack vector. This combination of factors is driving the rising prevalence of more secure options like remote privileged access management (RPAM) tools.
Remote privileged access management enables remote access with the granular identity and access control of privileged access management (PAM) tools built in. Xage Security was listed as an example in the CPS secure remote access tools category. Read on for some highlights from the Gartner research and a bit on what we here at Xage Security make of all this.
Key Findings (and Commentary)
Reducing Attack Surface
Gartner Key Finding:
“Traditional remote access solutions, such as virtual private networks, open the door to attackers, because they provide a direct connection between potentially untrusted administrator endpoints and critical systems and infrastructures.”
Thoughts on the matter from us here at Xage:
VPNs are a creature of the old era, where once you’re in the metaphorical building, all doors are open to you. The thing is, if you let the wrong person in then you’ve got a problem. And (to stretch this metaphor to its limit) modern networks have about a million exterior doors, making it nigh impossible to screen everyone coming and going. VPNs, at best, tend to subdivide areas broadly, giving users access to a big chunk of infrastructure like VLAN segments, but the setup requires a lot of work. RPAM can follow least privilege principles out of the box.
Importance of Audit Logs
Gartner Key Finding:
“Gartner client interactions have revealed that many organizations are finding it increasingly difficult to implement robust controls that monitor, govern and establish better audit trails to track privileged activities of remote users leading to administration and governance oversight.”
The Xage take:
Audit trails are an important means of investigating any security incident and (ideally) ruling out malicious action. In the event of a data breach or compromise, they’re absolutely critical. So the importance here is clear: organizations need a good way to audit remote users and many of them don’t currently have an effective tool or process.
Remote Access Involving High Privilege
Gartner Key Finding:
“Most of the remote access tools and methods in use are not like-to-like alternatives to remote privileged access management tools for securing privileged access.”
The Xage take:
Remote access used to be way less common than it is now. For a long time it was focused on a few specific use cases, like giving IT support staff access to a computer to fix issues over the phone. These tools have been adapted to use cases they weren’t intended for, which creates security risks if they’re accessing sensitive, mission-critical systems with a high degree of privilege. They can do it, but they don’t have the capability to follow the principles of least privilege.
RPAM: A More Secure VPN Alternative
Gartner Recommendation:
“Secure remote privileged access risks by adopting an approach using RPAM tools without a virtual private network.”
The Xage take:
Not much to add here. I think most folks can agree that VPN isn’t a secure option where high privilege is involved.
Securing Cyber Physical Systems (CPS)
Gartner Recommendation:
“Manage remote privileged access to CPS through RPAM and enable just-in-time access with zero-standing privileges to provide granular visibility and increase administrators’ productivity.”
The Xage take:
Whether they have CPS or not, organizations need ZTNA and PAM capabilities that span enterprise applications, IT assets, and cloud resources as well. There are necessary capabilities for securing remote access to CPS (like being able to support OT-specific native applications) but broadly CPS Secure Remote Access tools are doing what any RPAM needs to do: tightly control and audit who has access to what and for how long.
Remote Everything Necessitates RPAM
There are a lot of necessary business functions that require privileged access and being able to do them remotely can mean massive gains in efficiency and, ultimately, profits. We’ve moved into a world where air-gapping is a rare practice that tends to introduce more friction than it is worth. That means we need to start applying zero trust, least privilege principles to all access—remote and otherwise. RPAM tools are an important step in that direction.
Gartner, Securing Remote Privileged Access Management Through RPAM Tools, Abhyuday Data, Felix Gaehtgens, Michael Kelley, 28 December 2023
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.