The solutions from the PIM/PUM/PAM area offered by APIUS enable to create a fully transparent and very friendly working environment for privileged users. Thanks to the technology we employ, administrators can use an intuitive and simple tool, while the security department has a powerful system for monitoring the work of IT personnel.
One of the biggest challenges related to IT security is to prevent privileged users (administrators) from performing unauthorised activities. While the rights of ordinary users of websites, business applications or operating systems are well defined and limited, the administrators are, unfortunately, often beyond any control and supervision. It should be remembered that the risk carried by privileged users accounts increases with the development of their rights in IT systems.
In general, system administrators and other privileged users have the option of establishing a remote connection to the administered systems by using their workstation in such a way that they can see the screen of the remote device/server as if they were actually sitting in front of a screen that is connected to it. In fact, the administrators are usually located even in another part of the world. Currently, large data centers are located in various regions of the world. Large companies also have many data centers and various business departments (IT, HR, customer service, sales department, financial department, etc.) that often operate in different parts of the world. Therefore, remote access to servers/devices is basically a normal part of the daily work of administrators.
Who are the privileged users? At first thought, the answer is simple – administrators. But in fact, the notion of privileged users covers not only administrators but also a much broader group of individuals within a company. They can be divided into the following types:
As we can see, apart from administrators, there are several other types of users in the IT environment who have considerable privileges. To complicate the issue, often several employees share access to such accounts, which makes it more difficult to track who actually used the account at the specific time when, for example, an event occurred.
The privileged users are a potential source of threat to safety in many different situations. In most enterprises, users at different organisational levels have the possibility to directly access and manipulate the most sensitive information such as CRM, HR data or credit card numbers. Among such users, there may be employees of legal departments, HR managers, accountants and a number of other people working for the organisation. By losing or causing leakage of data, business users can severely harm the reputation of the enterprise.
In addition to privileged business users, there are people who are IT administrators, external consultants or CxO level managers who often have almost unlimited and uncontrolled access to the enterprise's information resources. The majority of employees are trustworthy and honest, but there are always people in a large group who abuse the trust placed in them, and administrators are no exception. These users may deliberately – or accidentally – take harmful actions in information systems and thus cause huge damage to the enterprise.
What are the most important features that a mature and professional PIM/PUM/PAM system should have?
The solution offered by APIUS meets all the abovementioned features and is based on four basic elements: