Certain events are so overwhelming that only a touch of humor can keep us from going mad. BREXIT, Britain’s exit from the European Union, is one of them. This decision is likely to have a serious impact on IT security, especially Privileged Access Management (PAM).
So, to have a sane, thoughtful discussion of this distressing subject, we thought it would be useful to look at Privileged Access Management and BREXIT as if John Oliver were covering it on his amazing show, “Last Week Tonight.” Here goes…
The Impacts of BREXIT
And now to Great Britain… the country that seems to exist as a reminder to the world that Americans talk funny. As we all know, the people of Great Britain voted last month to separate themselves from the EU. The country may face a number of economic and political difficulties now as a result, which makes a lot of non-English people wonder why they chose this path. Don’t worry, it’s just one of many confusing things about Britain, like cricket, marmite, why the name of the city of Leicester only has two syllables and gas is sold by the liter while cars are rated by miles-per-gallon.
BREXIT will affect a lot of areas of British life and business. It will certainly have a big impact on IT security and compliance. Many regulations and corporate relationships are about to undergo some massive changes over the next few years. With these changes will come inevitable questions about who is authorized to administer critical information systems.
Amongst other things, BREXIT will shake up the world of Privileged Access Management. And no, we don’t mean Pam Grier, Pamela Anderson, or the chick who played My Sister Sam or Robin Williams’ clueless roommate on Mork and Mindy. Privileged Access Management is the matter of controlling who can modify a system. Privileged Access Management solutions help organizations stay on top of privileged access. They offer a secure, streamlined way to authorize and monitor all privileged users for all relevant systems – things like:
- Monitoring privilege account access in real time so you can flag activities that are suspicious
- Granting privileges to users only for systems on which they are authorized
- Granting access only when it’s needed and revoke access when the need expires
- Centrally and quickly managing access all of your ystems
- Creating an audit trail of privileged operations
IT security observers foresee complications on the way. Chris Gledhill, for example, the co-founder of Secco Bank and one of the UK’s leading experts on financial technology (FinTech) expressed his view of Brexit for IT by saying, “I fear we have got ourselves into a boiling frog situation.” Yes, saying that FinTech going into Brexit is like a frog unaware that it is being slowly boiled to death is a bit like saying that Queen Elizabeth has a small hat collection – just 5,000 or so and counting, but at least she’s never worn the same one twice.
As an example of looming BREXIT trouble in FinTech, Gledhill cites EU Directive 2014/49/EU which requires British banks to insure deposits up to the equivalent of €100,000. That sounds good, but under British law, deposits needed to be insured at £85,000, a higher amount.
From a Privileged Access Management perspective, the deposit insurance regulatory discrepancy provides a small but good example of just how complicated things can get when you divorce a country from a union of sovereign states. A privileged user at each British bank is going to have to go through the settings and workflow rules in all sorts of back end systems to make sure that deposit insurance notifications and alerts are set according to the correct regulation. In British terms, that would make a privileged user both “gobsmacked” and “knackered.” Or, as we say in the US, “Dude, I’m just like totally, you know, zonked.” Conversely, privileged FinTech users on the EU side will have to go into their respective back ends and adjust their reporting for systems that manage funds deposited in British Banks. Or maybe they won’t—we just don’t know yet.
It’s not Just BREXIT
We live in a time of rapid evolving political and regulatory change. Britain may not be the only country leaving the EU. Political changes in the US or China could trigger large, rapid, changes in their own regulatory environments. National rules are changing rapidly… even as business becomes ever more global.
And the bottom line is that relatively rapid changes in regulatory schemes lead to extremely urgent and often very large mission-critical IT projects that depend on lots of privileged users across many systems. Monitoring these users is critical for compliance and security. IT managers and compliance managers need to know who changed what and when. They need to know what changes were made and be able to review, on audit, whether the backend changes ensure compliance with the rules.
The balkanization of regulatory compliance can be a huge hassle. To this point, Gledhill described the complex EU Payment Services Directive or "PSD2,” which UK banks may or may not need to comply with under BREXIT, as “a pain the bum.” Let me tell you, when a British man says something is a pain the rear, it’s bad.
Privileged Access Management for a Rapidly Changing Environment
The rapid cascade of system changes that will likely be brought about by BREXIT and other potential political fissures highlights the need for flexibility in Privileged Access Management solutions. In a rapidly changing environment, a Privileged Access Management solution needs to be able to adapt quickly to new architectures and relationships between entities. PAM has to be easy to deploy and simple and efficient to maintain… whether the systems it’s managing are behind the firewall or in the cloud.
The Wallix AdminBastion (WAB) Suite was designed to play this role. It establishes pervasive, sustainable Privileged Access Management across the IT environment no matter how much that environment changes over time. WAB Suite is able to easily span both cloud and on-premises system deployments. Its single gateway has single sign-on for access by system admins. With this capability, the IT department can define and enforce access policies for admins and employees across the globe.
Furthermore, today’s rapid change and uncertainty favours WALLIX’s unique agent-less architecture. Most other Privileged Access Management solutions require a software agent to be installed and maintained on each target system, which makes those systems much less flexible and much more costly to maintain. This Privileged Access Management “tax” becomes especially painful during a time of rapid change. Oftentimes, it results in the PAM system being shunted aside in the name of expediency. This creates a huge, and enduring, risk.
In contrast to traditional Privileged Access Management architectures, WAB Suite is light. It sets up rapidly no matter the system and doesn’t require complex maintenance or agent-updates as underlying systems evolve. With WALLIX, you don’t have to choose between getting work done rapidly or ensuring security compliance by keeping privileged access management in place across all systems.