Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If your organization is having trouble creating policies, I hope that this blog post will help you set a clear path. We’ll discuss setting up your organization up for success by ensuring that you do not treat your policies as a “do once and forget” project. Many organizations I have worked with have done that, but later realized good policy lifecycle is required, and a pillar of good governance.

Policies have a vital role in every organization, but can mean a lot of different things depending on the context. For our purposes, a policy refers to the principles or ideas that an organization uses to make decisions. In this post, we’ll discuss Open Policy Agent (OPA) and its rule language, Rego, highlighting how we can use them to write a simple policy for a payroll microservice.

You’re reading the handwriting on the wall. Your company expanded its cloud infrastructure over the last few years, adding more and more Software-as-a-Service (SaaS) applications to its stack in response to remote work. Like 86% of other companies, you expect that this will continue at the same or an accelerated pace. In response to these IT changes, new laws and industry standards expect you to move toward a zero trust architecture.

Privileged account management is the process of identifying, controlling and monitoring privileged accounts and their associated activity. Privileged accounts are typically high-level administrator accounts that have broad access rights across an organisation’s IT systems. Because of their elevated level of access, these accounts pose a significant risk if they were to fall into the wrong hands.

The Center for Internet Security (CIS) publishes Critical Security Controls that help organization improve cybersecurity. In version 8, Control 6 addresses access control management (in previous versions, this topic was covered by a combination of Control 4 and Control 14).

Managing access rights of privileged users is one of the cornerstones of data security. That’s why the privileged access management (PAM) market is booming with tools and practices. But this variety of PAM options makes it challenging to figure out which practices and controls your organization can benefit from.

We’re excited to be included in the first Policy Based Access Management (PBAM) market report! The KuppingerCole Analysts AG’s 2022 Market Compass provides an excellent overview of how the access market is transforming and emerging vendors in the space.

The Windows ‘Administrator’ account is a highly privileged account that is created during a Windows installation by default. If this account is not properly secured, attackers may leverage it to conduct privilege escalation and lateral movement. When this account is used for administrative purposes, it can be difficult to distinguish between legitimate and malicious activity.

This blog is Part IV in a series about identity-based access management of AWS resources. In Part I, we covered how to use OSS Teleport to access Amazon EC2 instances running in private subnets. Part II explained implementing identity-based access via SSO integration with Okta. Part III covered the steps to configure privilege escalation for just-in-time access requests. In Part IV, we will guide you through the steps to configure SSH session recording and auditing.