PAM, POPI join forces

With POPI obligations, maintaining integrity and security of data providers’ personal information is critical. Privileged access management (fondly know as PAM) is helping with POPI implementation. By Mark van Vuuren, Product Manager, Corr-Serve

Johannesburg, 05 Nov 2020

Managing privileged access to personal information has become a business obligation almost everywhere in the world. Regulations such as the upcoming POPI (Protection of Personal Information Act) and GDPR (General Data Protection Regulation) compel companies to maintain the integrity and security of their own, and their data providers’, personal information.

Apart from regulatory pressures, businesses are subject to growing pressure to adopt certifications that guarantee the integrity and security of personal data, such as ISO 27001, NIST’s Cyber Security Framework, and PCI DSS.

One way that companies have found to comply with these standards is by adopting an efficient privileged access management (PAM) solution. There are often hurdles to overcome in this process and completing the cycle of access can be complex.

Before introducing PAM

To have a broad and efficient privileged access management, you have to pay special attention to the initial phase of managing privileged credentials. This is the first critical step in provisioning and guaranteeing access to certified machines and privileged credentials through digital certificates, passwords and SSH keys. Spending time getting this phase right will mean that your PAM solution is really set up to keep POPI at bay.

During

While privileged access management actually takes place, you should make sure you can track all user activities in the privileged session in real-time. It’s important to be able to monitor and analyse suspicious behaviours from users and machines, and across devices on the network. Make sure you choose a solution that can define and limit the tasks that a privileged session will be allowed to perform. Failing to have this functionality could seriously impact the entire organisation’s security systems.

After

Take care that your PAM records every action taken in the privileged session. Through this audit, your company ensures that, during the sessions, there are no security breaches, can record all actions performed by users and machines, and allow viewing the privileged session recording.

It sounds simple but, across the board, companies report great difficulty in implementing these three core functionalities within PAM solutions. Often, without an integrated solution, companies opt for implementing multiple solutions and struggle with siloed information and approaches. It can also lead to cracks and crevices for attackers to breach.

Look for an integrated solution that performs the three phases effectively in just one environment, facilitating the management of privileged credentials and keeping your company secure, free from fines and leaks of sensitive data.

senhasegura

MT4, developer of senhasegura, has more than 20 years in its market, with customers and partners on 5 different continents, in over 40 countries. In addition to its international presence, the senhasegura has also positioned itself in the Brazilian market as a leader in privilege management solutions and is among the top 3 Privileged Access Management technologies evaluated by the Gartner’s 2020 Critical Capabilities report for PAM. Further information is available at www.senhasegura.com

Corr-Serve

Corr-Serve provides intelligent solutions for today’s digital complexities, unrelenting innovation and continuous business risk and security threats. The company’s solutions interpret security, performance and governance data, harnessing the power of Machine Learning (ML) and Artificial Intelligence (AI) for analytics that make sense of the digital noise. www.corrserve.co.za

Editorial contacts