Paradigm shift ahead: Forrester analyst Geoff Cairns stresses the cybersecurity risks at play when organizations do not rein in excessive credential use. “Persistent standing privilege, yes, I think that is rampant,” he says. “It is something that attackers can target and then leverage to move laterally through systems and create havoc. The elevated privilege makes that all the more impactful.”Yet Cairns sees the hard road ahead in tackling this issue in modern enterprise environments.”It is a challenging problem to solve in a very complex IT landscape, with on-prem, cloud, SaaS” and it is going to get exponentially worse with “the explosion of non-human identities,” including autonomous agents, Cairns says. Greyhound Research’s Gogia agrees that non-human identities (NHIs) are going to make the problem of excess credential use far worse.”The center of gravity has shifted away from human administrators. The most dangerous and least governed privilege now sits with non-human identities. Service accounts, APIs, cloud roles, CI/CD pipelines, SaaS connectors, automation frameworks, and autonomous systems operate continuously with standing access,” he says. “These identities authenticate programmatically, at machine speed, often across environments, and frequently with broader permissions than any individual would ever be granted.”And the increasing proliferation of NHIs engaging with enterprise systems is pushing PAM and IAM toward a paradigm shift.”Traditional PAM and IAM models were designed for humans who log in, perform tasks, and log out. They struggle when identities never log out,” Gogia says.”Machine privilege is not an edge case,” he adds. “It is the majority case in modern environments. Enterprises attempting to apply human-style access reviews and approval workflows to these identities quickly discover that governance collapses under scale. This is where always-on privilege stops being a failure of discipline and becomes a failure of design assumptions.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4123184/always-on-privileged-access-is-pervasive-and-fraught-with-risks.html
