Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Logical SecurityAccess ManagementCybersecurity News

Managing Privileged Access is Crucial to Preventing Data Breaches

By Nathan Wenzler
privileged-access-900
June 28, 2016

Organizations across America are facing unprecedented challenges in building effective, manageable security programs in order to protect the wide array of sensitive data they are responsible for keeping safe. Corporations, educational institutions and government agencies are often beholden to many different regulations and legal compliance requirements because of the various datasets they maintain. For example, a university will have a student health center that stores Personally Identifiable Information (PII) and other health information covered under the Health Insurance Portability and Accountability Act (HIPAA).  Additionally, that same university’s bookstore, food services and other student services will store credit card transaction data, which are mandated by the Payment Card Industry (PCI) to be protected. Government agencies, such as the recently breached Office of Personnel Management, store employee records and related PII that may be further regulated, depending on the state or federal district in which the agency is based.

These various needs can be difficult for organizations to balance and maintain, but regardless of the type of organization, critical and sensitive data must be protected and kept safe from hackers, malicious insiders, malware and other forms of cyber-attack. Add in the normal budgetary and human resource challenges that all organizations face, and you’ve got what can seem like an insurmountable security problem.

Fortunately, as defense-in-depth strategies are shifting to a more data-centric model, it is becoming easier for information security teams to get their arms around these problems by simply focusing on fundamental and common points of access in order to build security controls. In this regard, credentials are truly the key to everything. How does a user gain access to data? They input their user name and password. Need to back up an entire database? Use a database administrator’s credentials.  Nearly every data breach and cyber-attack seen today is ultimately targeting credentials. 

Credentials have the permissions and rights to access as much data as possible. For this very reason privileged accounts, such as local administrator accounts, domain administrators, root accounts and more, are often referred to as the “keys to the kingdom.” Not only do they have access to data, systems and applications, but security tools are often built to permit these privileged accounts to move freely about any system on the network. If organizations can control and manage these privileged accounts, then a fundamental layer of protection is put into place to address all of the challenges presented by regulatory and legal requirements, even intellectual property theft from cybercriminals and malicious insiders.

This is where Privileged Account Management (PAM) comes in. PAM has been a standard security tool for many years, but only recently it has moved into the spotlight as a fundamental part of a defense-in-depth program within private corporations, government agencies, and all other types of organizations. As more attacks and data breaches are found to be caused by abuse of privileged credentials, organizations have come to realize that protecting those credentials needs to be a first priority, and not an afterthought to other security layers.

Best of all, modern enterprise-grade Privileged Account Management tools are designed to be easy-to-use, simple to deploy and very cost effective. They can be scaled out to address the many different teams that may be involved across business units, and easily customized to protect different credentials and datasets in whatever ways are required. Many organizations that have implemented these sorts of tools have done so specifically for these reasons, underscoring that creating huge security benefits and building a stronger overall security posture doesn’t have to be expensive, difficult to deploy and implement, or painful for IT administrators to use on a day-to-day basis.

One case in point: the University of Central Florida (UCF) has deployed a PAM tool to securely manage privileged account passwords, restricting access to the sensitive data of its 60,000 students, as well as faculty, alumni and donors. "Privileged account management is one of our top priorities because of the types of data these accounts can access," says Matthew Fitzgerald, senior security analyst at UCF. "We knew we needed to invest in an enterprise-class solution that we could quickly deploy in order to protect these sensitive data sets.”    

KEYWORDS: data breach security credentials

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Nathan Wenzler is Executive Director of Security at Thycotic, a provider of IT security and password management solutions. Wenzler has almost two decades of experience designing, implementing and managing both technical and non-technical solutions for IT and Information Security organizations. Wenzler has helped government agencies and Fortune 1000 companies build new information security programs from scratch, as well as improve and broaden existing programs with a focus on process, workflow, risk management, and the personnel side of a successful security effort. As the Executive Director of Security for Thycotic, Wenzler brings his expertise on security program development and implementation in both the public and private sector to admins, auditors, managers, and security professionals at a variety of conferences, trade shows, and educational events.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • appSec

    Why application-layer security is critical in preventing data breaches

    See More
  • Virus Detected

    Employee Training is Key in Preventing Breaches, But is it Enough?

    See More
  • Data Breach

    Data breaches: Preventing and responding

    See More

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing