PAM, POPI join forces
With POPI obligations, maintaining integrity and security of data providers’ personal information is critical. Privileged access management (fondly known as PAM) is helping with POPI implementation.
By Mark van Vuuren, Product Manager, Corr-Serve
Managing privileged access to personal information has become a business obligation almost everywhere in the world. Regulations such as the upcoming POPI (Protection of Personal Information Act) and GDPR (General Data Protection Regulation) compel companies to maintain the integrity and security of their own, and their data providers’, personal information.
Apart from regulatory pressures, businesses are subject to growing pressure to adopt certifications that guarantee the integrity and security of personal data, such as ISO 27001, NIST’s Cyber Security Framework, and PCI DSS.
One way that companies have found to comply with these standards is by adopting an efficient privileged access management (PAM) solution. There are often hurdles to overcome in this process and completing the cycle of access can be complex.
Before introducing PAM
To have broad and efficient privileged access management, you have to pay special attention to the initial phase of managing privileged credentials. This is the first critical step in provisioning and guaranteeing access to certified machines and privileged credentials through digital certificates, passwords and SSH keys. Spending time getting this phase right will mean that your PAM solution is really set up to keep POPI at bay.
While privileged access management actually takes place, you should make sure you can track all user activities in the privileged session in real time. It’s important to be able to monitor and analyse suspicious behaviours from users and machines, and across devices on the network. Make sure you choose a solution that can define and limit the tasks that a privileged session will be allowed to perform. Failing to have this functionality could seriously impact the entire organisation’s security systems.
Take care that your PAM records every action taken in the privileged session. Through this audit, your company can ensure that no security breaches occur during the sessions, record all actions performed by users and machines, and allow the privileged session recording to be viewed.
It sounds simple but, across the board, companies report great difficulty in implementing these three core functionalities within PAM solutions. Often, without an integrated solution, companies opt for implementing multiple solutions and struggle with siloed information and approaches. This approach can also leave cracks and crevices for attackers to breach.
Look for an integrated solution that performs the three phases effectively in just one environment, facilitating the management of privileged credentials and keeping your company secure, free from fines and leaks of sensitive data.