5 April 2019

Privileged Access Management and Essential Services

Mark Warren

Essential Services and the need for privileged access management

What is an Essential Service?

That could have a pretty personal answer. Being flippant, my answer might involve having good quality beer and cheese available on demand.

For most people, however, essential services are far less trivial and more fundamental. They include having reliable electricity, drinking water and healthcare. In this modern age, digital infrastructure also needs to be included.

“Essential” is the key part of the phrase; if a service is essential, it must be protected. To find out how to increase protection for essential services, Osirium and RazorSecure have a webinar coming up to discuss exactly how that can be done.

The Network and Information Systems (NIS) Regulations

Stepping back a little, what would constitute best practice to protect essential services?

The European Union recognised the value of these services and their vulnerability to cyber-attack, and in 2013 started a process of defining how these services should protect themselves against attack.

The result was a directive in 2016 which turned into The Network and Information Systems Regulations 2018 in the UK. Commonly known as “NIS,” these regulations came into force at the same time as GDPR in May 2018 but never had as much mainstream coverage. Now that they’re coming up to their first anniversary, it’s a good time to assess progress in adopting the principles and how to accelerate adoption.

Privileged Account Management at the core of NIS

A guide to best practices for NIS was defined by the NCSC in the form of the Cyber Assessment Framework (CAF).

Within the framework, the key to success is good management of identity and privileged accounts. The best practices for privileged user management are defined in section B2.c, which goes into some detail in identifying five key principles that organisations should adopt to protect themselves against attack.

Important webinar coming up

All essential services should, by now, be at least in the process of ensuring compliance with the CAF principles. If you’ve already completed an assessment – great! But are you prepared to ensure continuing compliance? If you’re planning an assessment, do you know how to achieve the core principles with least effort? Do you know how to turn these requirements into a business or service advantage?

If you want to answer those questions or have others you want to raise, then you should attend the Osirium & RazorSecure live webinar: Privilege Account Management and Essential Services on April 24th. We’ll be reviewing the requirements of CAF section B2.c and how they can easily be achieved while improving your security posture and IT operations.