Cybersecurity insurers are increasingly asking MSPs to list the ways they are handling access to their networks, and they are asking for tools that can control who can see what and when, said James Hatzell, vice president of revenue at Quickpass Cybersecurity.
“The cyber insurance market is upside down on its premiums. All of a sudden they’re starting to enforce lots of new policies and ask lots of questions. One of the questions that they are very keen on is accelerating privileged access management,” said Hatzell in a session at XChange March 2023, being held in Orlando, Fla., this week and hosted by CRN parent The Channel Company.
Cyber insurance companies are now wanting sophisticated answers to who has administrative authorities and on which machines as well as if passwords are being rotated, he said.
[Related: VMware’s SaaS Sales Surge As Broadcom Deal Nears]
One MSP in the crowd at XChange 2023 said while that sort of tool for privileged access management makes sense for his San Jose, Calif.-based company, it has yet to find a home in his stack.ADVERTISEMENT
“The short answer is there is a good use case for it,” said Sanil Nelabhotla, founder of Skalable Technologies. “We just have to see and explore what that is. A lot of people are designing nice tools, but I want to find out how the design of those tools is going to help.”
Hatzell said access management is so large a catch-all that it has spawned an alphabet soup of subcategories that can be confusing. Inside identity access management there is privileged access management, or who has administrative rights to any part of the network. Then there is privileged identity management, which grants admin access for only certain people and only for selected times.
“So there’s even a new subcategory under privileged access management that’s all about only giving administrative access for a very short amount of time,” Hatzell said.
“Just-in-time” accounts, meanwhile, are a recent fix for organizations that are moving away from giving several admins access to servers and only granting admin access for short windows, he said.
“Many people are driving toward ‘main technicians’ on servers and away from ‘shared technicians,’” Hatzell said. “Just-in-time accounts are the solution to that problem. Basically, it gives administrative access to a server to do a little work. You activate the account for a short period of time and have all that tracked.”LEARN MORE: Cybersecurity | Managed Security | XChange
O’Ryan Johnson is a veteran news reporter. He covers the data center beat for CRN and hopes to hear from channel partners about how he can improve his coverage and write the stories they want to read. He can be reached at [email protected]..
RELATED CONTENT
Acer Confirms Probe Of Document Server BreachGeorge Kurtz: CrowdStrike Seeing ‘Immense Demand’ From SMBsSolution Providers Are Split On Whether To Offer Multiple Security Stacks Or Just One. Here’s Why.Sophos CTO Joe Levy On Surging MDR Demand And Endpoint Security UpdatesHow ThreatLocker Is Becoming An ‘Ecosystem’ Of Security Tools For MSPs TO TOPADVERTISEMENT
TRENDING STORIES
- AWS Vs. Azure Vs. GCP: Flexera 2023 Customer Cloud Results | CRN
- CEO Antonio Neri On HPE’s Supercomputing ChatGPT Advantage, Axis Security And GreenLake Momentum | C
- Sophos CTO Joe Levy On Surging MDR Demand And Endpoint Security Updates | CRN
- DXC Technology Ends Takeover Talks With ‘Financial Sponsor’ | CRN
- Broadcom CEO ‘Confident’ VMware Deal Will Pass Muster With Global Regulators | CRN