Implementing a Privileged Access Workstation: 9 Best Practices

Below are the attributes that should be present to ensure the optimum security and effectiveness of a PAW:

  1. Uses hardened, dedicated assets (physical or virtual) that are actively monitored for all activity, from keystroke logging to application launches and command-line tools
  2. Operates with the concept of least privilege for every operation
  3. Operationalizes application allow and block listing
  4. Is installed on modern hardware with a TPM (Trusted Platform Module), preferably version 2.0 or later, to support the latest biometrics and encryption
  5. Is managed for vulnerabilities, with automated, timely patch management so that the PAW's own software is not exploited
  6. Requires MFA for authentication to sensitive resources, and step-up authentication or even change control for the most sensitive operations
  7. Operates on a dedicated or trusted network that is segmented from networks that may contain unsecured devices
  8. Uses only a wired network connection; wireless communication of any type is unacceptable for a PAW
  9. Is physically secured with anti-theft security cables to prevent device theft (a particular concern when the PAW is a laptop in a high-traffic area)

While a PAW provides increased security for any cloud administrator, it should never be used for:

  • Browsing the Internet, with any browser
  • Email and messaging applications
  • Activity over unsecured network connections such as Wi-Fi or cellular
  • Use of USB storage media or unauthorized USB peripherals
  • Remote access into the PAW from any other workstation
  • Running applications or services in a way that would undo its hardening and leave it potentially vulnerable in the future
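Several of the attributes above (TPM, allow listing, patching, monitoring, wired-only networking) and several of the prohibited uses (USB storage, remote access into the PAW) can be verified on the device itself. The following PowerShell script is an added example written for this page, not code from the original article; it assumes a Windows 10/11 PAW with the TrustedPlatformModule, AppLocker, NetAdapter and BitLocker modules present and is run elevated. The 30-day patch window is an assumed threshold, and the `auditpol` text match assumes an English locale.

```powershell
# Added example: audit a Windows workstation against the PAW attributes and
# prohibited uses listed above. Not from the original article; run as admin.
#Requires -RunAsAdministrator

function Test-PawChecks {
    $results = New-Object System.Collections.Generic.List[object]
    function Add-Result([string]$Name, [bool]$Pass, [string]$Detail) {
        $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
    }

    # Attribute 4: TPM present and spec version 2.0 (SpecVersion looks like "2.0, 0, 1.38").
    try {
        $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction Stop
        Add-Result 'TPM 2.0 present' ($tpm.SpecVersion -match '^2\.0') "SpecVersion: $($tpm.SpecVersion)"
    } catch { Add-Result 'TPM 2.0 present' $false 'no TPM found or namespace unavailable' }

    # Attribute 1 (hardened asset): OS volume protected by BitLocker.
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    Add-Result 'OS drive encrypted (BitLocker)' ($os.ProtectionStatus -eq 'On') "ProtectionStatus: $($os.ProtectionStatus)"

    # Attribute 3: AppLocker Exe rules enforced (not AuditOnly or NotConfigured).
    try {
        [xml]$policy = Get-AppLockerPolicy -Effective -Xml
        $exe  = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Exe' }
        $mode = if ($exe) { $exe.EnforcementMode } else { 'no Exe rule collection' }
        Add-Result 'AppLocker Exe rules enforced' ($mode -eq 'Enabled') "EnforcementMode: $mode"
    } catch { Add-Result 'AppLocker Exe rules enforced' $false "AppLocker unavailable: $_" }

    # Attribute 5: at least one update installed in the last 30 days (assumed threshold).
    $latest = Get-HotFix -ErrorAction SilentlyContinue | Where-Object InstalledOn |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
    $recent = [bool]($latest -and $latest.InstalledOn -gt (Get-Date).AddDays(-30))
    Add-Result 'Update installed in last 30 days' $recent "Latest: $($latest.HotFixID) on $($latest.InstalledOn)"

    # Attribute 8: no wireless (Wi-Fi, WWAN, Bluetooth) adapter may be up.
    $wirelessUp = Get-NetAdapter -ErrorAction SilentlyContinue | Where-Object {
        $_.PhysicalMediaType -in @('Native 802.11', 'Wireless LAN', 'Wireless WAN', 'Bluetooth') -and $_.Status -eq 'Up'
    }
    Add-Result 'No enabled wireless adapters' (-not $wirelessUp) ("Up: " + (($wirelessUp | ForEach-Object { $_.Name }) -join ', '))

    # Attribute 1 (monitoring): process-creation auditing (event 4688) with command line,
    # plus PowerShell script block logging.
    $audit     = auditpol /get '/subcategory:Process Creation' 2>$null
    $procAudit = (($audit -join ' ') -match 'Success')          # locale-dependent text match
    $cmdLine   = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' `
                    -Name ProcessCreationIncludeCmdLine_Enabled -ErrorAction SilentlyContinue).ProcessCreationIncludeCmdLine_Enabled
    Add-Result 'Process creation audited with command line' ($procAudit -and $cmdLine -eq 1) "auditpol Success: $procAudit; IncludeCmdLine: $cmdLine"
    $sbl = (Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' `
              -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue).EnableScriptBlockLogging
    Add-Result 'PowerShell script block logging' ($sbl -eq 1) "EnableScriptBlockLogging: $sbl"

    # Prohibited use: USB storage. USBSTOR Start = 4 means the driver is disabled.
    $usbStart = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start -ErrorAction SilentlyContinue).Start
    Add-Result 'USB mass storage driver disabled' ($usbStart -eq 4) "USBSTOR Start: $usbStart (4 = disabled)"

    # Prohibited use: remote access into the PAW. fDenyTSConnections = 1 blocks inbound RDP.
    $rdp = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    Add-Result 'Remote Desktop inbound disabled' ($rdp -eq 1) "fDenyTSConnections: $rdp"

    return $results
}

$report = Test-PawChecks
$report | Format-Table -AutoSize
$failed = @($report | Where-Object { -not $_.Pass }).Count
Write-Host "$failed of $($report.Count) checks failed"
```

Network segmentation (attribute 7) and physical security (attribute 9) cannot be judged from the endpoint and are deliberately left out; the script is a local evidence collector, not a substitute for the network and facilities controls.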

To streamline this approach and avoid the use of two physical computers, many organizations leverage virtualization technologies (from VMware, Microsoft, Parallels, Oracle, etc.) that allow a single asset to execute a PAW side by side with the base operating system. The primary system is used for daily productivity tasks, and the other serves as the PAW. When using this approach, however, it is preferred that both the daily-productivity environment and the PAW run as virtual machines on a hardened host OS, which provides better segmentation. Segmentation in this manner may not always be practical. The PAW, if nothing else, should be virtualized and isolated from the host OS (no clipboard sharing, file transfer, etc.) and never used as the daily productivity machine.
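The isolation the paragraph above calls for (no clipboard sharing, no file transfer between the productivity OS and the PAW) maps to concrete Hyper-V settings. The following PowerShell is an added example written for this page, not code from the article or from Microsoft; it assumes Hyper-V on the host, an existing Generation 2 VM named `PAW` (assumed name) that is powered off, and a dedicated virtual switch named `PAW-Admin` (assumed name) that leads only to the administrative network.

```powershell
# Added example: isolate a Hyper-V guest used as the PAW from its host.
# Not from the original article. Assumes Hyper-V, a Gen 2 VM 'PAW' that is
# powered off, and a virtual switch 'PAW-Admin' (both names assumed). Run elevated.
#Requires -RunAsAdministrator

$VmName     = 'PAW'         # assumed VM name
$SwitchName = 'PAW-Admin'   # assumed dedicated admin-network switch

# Enhanced Session Mode carries clipboard and drive redirection over the VM
# console (it rides RDP). Turning it off host-wide removes that channel.
Set-VMHost -EnableEnhancedSessionMode $false

# The Guest Service Interface is the channel behind Copy-VMFile host-to-guest
# file transfer. Keep it disabled on the PAW.
Disable-VMIntegrationService -VMName $VmName -Name 'Guest Service Interface'

# Checkpoints capture memory and disk state, including any cached credentials;
# a PAW should not leave such copies lying around on the host.
Set-VM -Name $VmName -CheckpointType Disabled

# Attach the PAW only to the segmented admin network (attribute 7 above).
Connect-VMNetworkAdapter -VMName $VmName -SwitchName $SwitchName

# Give the guest a virtual TPM (attribute 4) so it can run BitLocker and
# TPM-backed credentials. A key protector must exist before vTPM is enabled,
# and the VM must be off while these are set.
if (-not (Get-VMSecurity -VMName $VmName).TpmEnabled) {
    Set-VMKeyProtector -VMName $VmName -NewLocalKeyProtector
    Enable-VMTPM -VMName $VmName
}

# Show the resulting state for the change record.
Get-VMHost | Select-Object EnableEnhancedSessionMode
Get-VMIntegrationService -VMName $VmName | Format-Table Name, Enabled -AutoSize
Get-VMSecurity -VMName $VmName | Select-Object TpmEnabled
Get-VMNetworkAdapter -VMName $VmName | Select-Object Name, SwitchName
```

The local key protector created here is tied to this host; on a clustered or shielded-VM deployment a Host Guardian Service protector would be used instead, which is outside what this page covers.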

To learn more about Privileged Access Management, contact us at inquiries@serviceitplus.com