Privileged users essentially hold the keys to your kingdom. They have access to a wide array of company data, security controls, workflows, and resources. These advanced permissions enable users to make changes to your Salesforce instance or cloud environment that can put your organization at extreme security risk and even cover up their tracks in the process.
In this two-part blog post, we will first discuss why privileged users pose a threat to your organization, followed by ways organizations can secure their Salesforce and cloud environments to keep the keys to their kingdom in the hands of the right users and prevent privileged user abuse.
First, let’s look at five reasons why privileged users are a top security concern in the cloud.
1) They’re Difficult to Manage
Privileged users inherently have a high level of access to company resources and an understanding of the way your organization is structured. These users are usually administrators and monitors of systems. Essentially, preventing privileged user abuse means you need to monitor those who are monitoring your systems. Say, for instance, your network engineer’s account was compromised and was used to create a new service account. It may be difficult to determine if this access was not legitimate. Was this a part of their job function? Or was this a malicious act on the part of the engineer to cover up their tracks?
2) They’re Considered Insider Threats
The landscape of security has dramatically changed in recent years. Focus has shifted from external attackers to insiders who will not only open the doors to external attackers but will also maliciously or inadvertently abuse access to your Salesforce or cloud environment. According to the 2018 Insider Threat Report conducted by Crowd Research Partners, 90 percent of surveyed organizations felt vulnerable to insider threats. Of those insider threats, regular employees (56 percent), privileged users (55 percent) and contractors (42 percent) posed the largest concern for respondents. Insider threats can include departing employees looking to take your company data to a competitor or privileged users who inadvertently change business-critical controls to your Salesforce environment.
3) Their Permissions Evolve
Users inside your Salesforce and cloud applications often wear multiple hats. This means they often need access to a wide array of company data across multiple departments. As their job roles and projects change, so do their permissions and access. Without proper monitoring, too many permissions changes can be given without approval. User, profile and role permissions in Salesforce should be adjusted according to each one’s role, ensuring that they only have access to information that is necessary to their job function.
4) Cybercriminals Target Privileged Users
Data is no longer just an IT asset – it’s a core strategic asset and is considered the new currency. If you were trying to break into a bank, would you rather go through the trouble of evading digital security measures (i.e. door access, vault passcodes, video surveillance) or would you rather obtain the keys to the bank and pose as a trusted insider? Cybercriminals target privileged user accounts because it gives them the chance to enter your organization’s network and cloud environment under the cloak of privileged access. Oftentimes, privileged users aren’t audited at the depth that would allow employers to raise suspicion – giving them the opportunity to pilfer sensitive data across your organization’s environment.
5) Compliance Considerations
Regulations like FINRA, FFIEC, GDPR, FCA, HIPAA and PCI require stringent security controls to meet compliance in today’s digital era. Information held within Salesforce and the cloud requires careful consideration as to who has access to data and what they can do with it. Privileged users can change permissions, privileges and security controls that can change your compliance posture – putting you not only at security risk but also at risk of regulatory fines and enforcement.
It’s true: privileged users pose a great threat to the security of your organization. However, in order for efficient workflows and business functions, privileged users are absolutely necessary to have in your Salesforce and cloud environments. There are tactics you can employ to secure your privileged user accounts and prevent privileged user abuse.
To find out what those tactics are, read Part 2 of this blog series, 5 Ways to Prevent Privileged User Abuse in the Cloud.