Access check-outs are inherently risky, since they grant elevated privileges to a user. Hitachi ID Privileged Access Manager reduces this risk by ensuring identification, personal authentication and fine-grained authorization prior to this access; by limiting the time window during which access is granted; and by creating accountability through access logs and session recording.
Reducing access risk is not the same as eliminating it. It makes sense to evaluate check-out risk at request time and to adapt approvals and session recording for that request accordingly.
Indicators of elevated risk include:
- A user requests access to a system he has not signed into before.
- A user requests access to a system of a different type (platform) than any he has signed into before.
- The total number of requests by the same user in the last hour or day is above a threshold.
- The total number of requests to sign into a given system in the last hour or day is above a threshold.
- The user belongs to a designated class of high-risk users (e.g., vendors, consultants, temporary staff, developers).
- A request for access comes from an unusual location for the user in question, or from a less trusted source (e.g., VPN or Extranet).
Privileged Access Manager can examine these variables to compute a risk score for each access request, and can make runtime decisions about pre-approved access, authorizer routing (workflow), session monitoring and alerts based on this score.
Risk scores can be retained in request metadata, so that they can be reviewed and graphed later.
Risk scores are an important strategy for drawing the attention of authorizers to unusual requests. Authorizers can then pay closer attention to high-risk requests, while approving others more routinely.
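The following is an added example, not Hitachi ID code, of how the indicators listed above can be turned into a request-time risk score that drives workflow decisions (pre-approval, authorizer routing, session recording, alerting). The weights, thresholds, decision bands, authorizer names and the sample request history are all constructed assumptions; the product's actual scoring is not documented on this page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# Assumed policy values: which user classes and network sources count as higher risk,
# and how many requests per hour are considered normal.
HIGH_RISK_CLASSES = {"vendor", "consultant", "temporary", "developer"}
LESS_TRUSTED_SOURCES = {"vpn", "extranet"}
USER_RATE_LIMIT = 5      # requests per user per hour (assumed threshold)
SYSTEM_RATE_LIMIT = 10   # requests per system per hour (assumed threshold)


@dataclass
class Request:
    user: str
    system: str
    platform: str        # e.g. "linux", "windows"
    user_class: str      # e.g. "employee", "vendor"
    source: str          # network source: "lan", "vpn", "extranet"
    location: str        # site or country code
    when: datetime


@dataclass
class Decision:
    score: int
    reasons: List[str]
    pre_approved: bool
    authorizers: List[str]   # hypothetical workflow roles
    record_session: bool
    alert: bool


def score_request(req: Request, history: List[Request]) -> Decision:
    """Score one check-out request against prior requests and derive workflow decisions."""
    score, reasons = 0, []
    own = [h for h in history if h.user == req.user]

    # Indicator: a system the user has not signed into before.
    if not any(h.system == req.system for h in own):
        score += 20
        reasons.append("new system for user")
        # Indicator: a platform the user has never signed into is riskier still.
        if not any(h.platform == req.platform for h in own):
            score += 15
            reasons.append("new platform for user")

    # Indicators: request rate per user and per system in the last hour (this request included).
    window_start = req.when - timedelta(hours=1)
    user_recent = sum(1 for h in own if h.when >= window_start)
    system_recent = sum(1 for h in history if h.system == req.system and h.when >= window_start)
    if user_recent + 1 > USER_RATE_LIMIT:
        score += 25
        reasons.append("user request rate above threshold")
    if system_recent + 1 > SYSTEM_RATE_LIMIT:
        score += 25
        reasons.append("system request rate above threshold")

    # Indicator: designated high-risk user class.
    if req.user_class in HIGH_RISK_CLASSES:
        score += 15
        reasons.append(f"high-risk user class: {req.user_class}")

    # Indicators: unusual location for this user, or a less trusted network source.
    if own and req.location not in {h.location for h in own}:
        score += 20
        reasons.append("unusual location for user")
    if req.source in LESS_TRUSTED_SOURCES:
        score += 10
        reasons.append(f"less trusted source: {req.source}")

    # Map the score to workflow decisions (assumed bands).
    if score < 20:
        return Decision(score, reasons, True, [], False, False)
    if score < 50:
        return Decision(score, reasons, False, ["system-owner"], True, False)
    return Decision(score, reasons, False, ["system-owner", "security-team"], True, True)


def sample_history(now: datetime) -> List[Request]:
    """Constructed prior check-outs that establish each user's baseline."""
    day = timedelta(days=1)
    return [
        Request("alice", "db01", "linux", "employee", "lan", "HQ", now - 3 * day),
        Request("alice", "web01", "linux", "employee", "lan", "HQ", now - 2 * day),
        Request("alice", "db01", "linux", "employee", "lan", "HQ", now - 1 * day),
        Request("bob", "db01", "linux", "vendor", "lan", "HQ", now - 5 * day),
    ]


def demo():
    """Score three constructed requests: routine, clearly unusual, and a request burst."""
    now = datetime(2024, 1, 15, 9, 0)
    history = sample_history(now)
    routine = score_request(Request("alice", "db01", "linux", "employee", "lan", "HQ", now), history)
    unusual = score_request(Request("bob", "win-dc01", "windows", "vendor", "vpn", "remote-site", now), history)
    burst_history = history + [
        Request("alice", "db01", "linux", "employee", "lan", "HQ", now - timedelta(minutes=m))
        for m in (5, 10, 15, 20, 25)
    ]
    burst = score_request(Request("alice", "db01", "linux", "employee", "lan", "HQ", now), burst_history)
    return routine, unusual, burst


if __name__ == "__main__":
    for d in demo():
        print(d.score, d.pre_approved, d.authorizers, d.record_session, d.alert, d.reasons)
```

The routine request (known user, known system, normal source and location) scores 0 and is pre-approved; the vendor's first request to a Windows domain controller from a new location over VPN accumulates every indicator and is routed to two authorizers with session recording and an alert; the burst of requests from an otherwise normal user trips only the rate indicator and lands in the middle band. Storing the `reasons` list alongside the score in the request metadata is what lets authorizers see why a request was flagged.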