Sharing screens and access rights management

Apr 18, 2018

Imagine a telecoms operator with an internal infrastructure of 1000 hosts to which external subcontractors must have remote access via SSH and RDP. What can he do to deal with that?

In the global village, the access to a company’s internal resources, and the authorization management that follows, become problematic when the resources must be available to subcontractors and suppliers, often operating from across the world. One can cope with that – but not without a tool.

Within large companies, suppliers will often be located on the other side of the world, thus working in completely different time zones. How to provide them with comfortable work conditions while supervising their activity during a given session? Mind you, there are 300 parallel sessions at the same time; no one is able to monitor that…

This is where access rights management comes into picture. Simply put, the rights are a set of policies – do’s and don’ts if you will – related to accessing specific resources, where a resource is understood as a directory, file, disk or the entire workstation.

The structure of the said access rights very much resembles the internal structure of any given corporation. The hierarchy is dominated by a trusted “superior authority”, and the propagation of additional rights is most often carried out using the application mechanism. The applications are dealt with by a dedicated unit or group of privileged users with wider access rights. The entire application flow is recorded and stored for future audits.

Apart from structuring access rights itself, it is also very important to monitor the access granted, e. g. by recording session progress or monitoring the status of a shared object. Analytical tools used here often allow for graphical data presentation, so that all kinds of incidents are easier to capture by administrators.

Statistics published last year in a report show how difficult it is to manage access rights these days. Namely:

• 80% of all security breaches relate to privileged accounts
• It takes more than a week to detect 82% of the breaches

Today, the remote workplace model, which entails the need to share internal resources, is becoming increasingly popular. A natural consequence of this approach is the growing importance of Privileged Access Management systems (PAMs). According to the said report, 60% of security experts believe that PAMs are indispensable to maintain regulatory compliance.

This is linked to the General Data Protection Regulation (GDPR) which regards the protection of individuals related to data processing as a fundamental right. It can already be demonstrated today that the only effective way to ensure this protection is through efficient management of access rights combined with cryptographic mechanisms providing confidentiality and integrity.

Data presented by Thycotic, a provider of PAM solutions, calls for an urgent action with GDPR around the corner and the necessity to tighten data access that the regulation carries with it. According to Thycotic:

• 66% of organizations still manage access rights manually
• 20% of organizations have never changed their default passwords to privileged accounts
• 30% of organizations allow free access to accounts and passwords
• 40% of organizations use the same access data for regular and privileged accounts

Given the regulatory framework (GDPR) and the ever-increasing volume of data being processed, it must be said the time is now to change the way of managing access rights, for the one that will effectively help prevent unauthorized access to critical resources and mitigate consequences of such access should it ever happen. 

Article by Paweł Bułat, Project Manager at Comarch
Paweł is an expert with strong experience in the cyber security domain. For over a decade he has been gaining experience in security solutions for online banking, based on strong cryptography. He has developed security extensions for web browsers and coordinated works over ECC Hardware Token (software and hardware layer). Currently he is a member of SecureAccess team where he works on the PAM family system for monitoring protocols such as SSH, RDP (also for VDI solutions). 

Comarch Financial Services is a provider of state-of-the-art IT solutions for banks, insurance companies, brokerage houses, asset management companies, as well as investment and pension funds. The systems and applications offered by us for the financial market are characterized by high quality, excellent performance and great flexibility. Our wide product portfolio allows for the precise selection of software thatmeets clients’ expectations, preferences and capabilities. Send us an email at finance@comarch.com.

About

Comarch Financial Services is a provider of state-of-the-art IT solutions for banks, insurance companies, brokerage houses, asset management companies, as well as investment and pension funds. The systems and applications offered by us for the financial market are characterized by high quality, excellent performance and great flexibility. Our wide product portfolio allows for the precise selection of software that meets clients' expectations, preferences and capabilities.

Visit our website finance.comarch.com
 

Other Articles