Compliance, Governance and Assurance


Privileged Access Management

Keeping NHS organisations safe from accidental or deliberate misuse of privileged access

Every NHS IT estate is managed by privileged users – users with elevated rights to critical systems – who can make changes to the network or infrastructure, access secure data, or even override existing protocols. We’re talking powerful user accounts which can be directly or indirectly misused by internal staff or contractors or, even worse, taken over and used by attackers. Abuse of these accounts can cause serious damage.

With the rise in third party contractors now working with NHS organisations and requiring privileged access, generic privileged log-in details often being shared, and regulatory compliance drivers such as Cyber Essentials (see point 3), it’s imperative that these accounts be properly managed so they don’t remain an open invitation to a serious breach or cyber-attack.

Privileged Access Management (PAM) technologies aim to help NHS organisations secure critical assets and meet compliance requirements by securing, managing and monitoring privileged accounts and access – essentially controlling who gets access to what and when. Osirium’s PxM platform aims to protect vital NHS infrastructure and its critical assets, ensuring every action is accountable, visible and auditable.

Key features

Osirium’s PxM platform has four software modules designed to control and monitor the use of privileged accounts:

  • Privileged Access Management (PAM) – separating people from passwords so credentials can’t be stolen, hacked or phished. With Osirium, users arrive as an ‘identity’ and leave as a ‘role’ – privileged passwords never enter the workstation domain and all passwords for privileged accounts undergo password lifecycle management, i.e. they‘re auto-generated meeting maximum allowable complexities.
  • Privileged Task Management (PTM) – automating frequently performed tasks that require privileged access, e.g. user password resets or switching/closing off firewall ports. The task is delegated as opposed to the privilege, i.e. the user will be able to perform specific tasks on a device but will not have more general privileged access to the device.
  • Privileged Session Management (PSM) – Creating a precise, irrefutable audit trail of exactly who did what, where and when. PSM software is designed to record sessions undertaken by a privileged user – as well as knowing who accessed the data, when and where, the business can also track exactly what was done during each active session.
  • Privileged Behaviour Management (PBM) – Changes in ‘normal’ privileged user behaviour is flagged so you can see at a glance suspicious user activity and take appropriate action. Results are flagged in terms of active threat (unusual activity) and latent risk (connections between people and high privileged device accounts that are never or rarely used).

Benefits

  • Complete end-to-end accountability – there’s a complete audit trail of who accessed what, when and how
  • No more generic shared accounts – separating people from passwords means everyone arrives as an ‘identity’
  • Less risk with third party providers – as all access is controlled and audited it gives you greater confidence when sharing privileged access with third party technology partners
  • No privilege in excess – allowing ‘just enough privilege’ allows people to do their job whilst eliminating the risk associated with over-privileged accounts.
  • Effortlessly meet compliance needs – all privileged activity is recorded helping you to adhere to Cyber Essentials guidance and GDPR
  • Increased reputation – by demonstrating you have the highest level of control of access to systems where patient records reside

 

Other solutions