Quickpass Exec: Cyber Insurers Have Privileged Access Management Top Of Mind
‘All of a sudden [cyber insurers] are starting to enforce lots of new policies and ask lots of questions. One of the questions that they are very keen on is accelerating privileged access management,’ says James Hatzell, vice president of revenue at QuickPass, in a session at XChange March 2023.
Cybersecurity insurers are increasingly asking MSPs to list the ways they are handling access to their networks, and they are asking for tools that can control who can see what and when, said James Hatzell, vice president of revenue at Quickpass Cybersecurity.
“The cyber insurance market is upside down on its premiums. All of a sudden they’re starting to enforce lots of new policies and ask lots of questions. One of the questions that they are very keen on is accelerating privileged access management,” said Hatzell in a session at XChange March 2023, being held in Orlando, Fla., this week and hosted by CRN parent The Channel Company.
Cyber insurance companies are now wanting sophisticated answers to who has administrative authorities and on which machines as well as if passwords are being rotated, he said.
[Related: VMware’s SaaS Sales Surge As Broadcom Deal Nears]
One MSP in the crowd at XChange 2023 said while that sort of tool for privileged access management makes sense for his San Jose, Calif.-based company, it has yet to find a home in his stack.
“The short answer is there is a good use case for it,” said Sanil Nelabhotla, founder of Skalable Technologies. “We just have to see and explore what that is. A lot of people are designing nice tools, but I want to find out how the design of those tools is going to help.”
Hatzell said access management is so large a catch-all that it has spawned an alphabet soup of subcategories that can be confusing. Inside identity access management there is privileged access management, or who has administrative rights to any part of the network. Then there is privileged identity management, which grants admin access for only certain people and only for selected times.
“So there’s even a new subcategory under privileged access management that’s all about only giving administrative access for a very short amount of time,” Hatzell said.
“Just-in-time” accounts, meanwhile, are a recent fix for organizations that are moving away from giving several admins access to servers and only granting admin access for short windows, he said.
“Many people are driving toward ‘main technicians’ on servers and away from ‘shared technicians,’” Hatzell said. “Just-in-time accounts are the solution to that problem. Basically, it gives administrative access to a server to do a little work. You activate the account for a short period of time and have all that tracked.”