Video: 10 Minute IT Jams - Who is BeyondTrust?

Cybersecurity is under constant threat. As more organisations embrace remote work and cloud technology, safeguarding critical information and access rights has never been more vital. AJ Kumar, Director of Solutions Engineering at BeyondTrust, shed light on how the evolving IT landscape is shaping the future of access management, and the innovative tools being developed to address rising threats.

"BeyondTrust has been a leader in privileged access management for two decades now," Kumar explained. "What we do is help discover, manage and control access to your most critical resources." He believes that the biggest threat facing organisations today is the misuse or theft of privileged user credentials, which cybercriminals can exploit to wreak havoc across an IT infrastructure.

The importance of securing privileged identities has been magnified in the wake of the global shift to remote and hybrid work, accelerated by the COVID-19 pandemic. "Remote working or remote access has become a de facto part of everyday IT life," Kumar noted. This shift presents unique challenges for organisations, which must figure out not only how to grant employees access to internal systems, but also how to enforce the same security policies outside the traditional office environment.

"Most organisations have had to struggle with how they grant that access to users and, secondly, how they ensure that the security policies implemented on-premises can be implemented for all these remote workers," he said.

As if this was not enough, many companies have also accelerated their move to the cloud, both with new projects and by migrating existing workloads. This, according to Kumar, has introduced its own set of challenges. He cited findings from the Cloud Security Alliance, which highlighted 11 specific threats facing businesses in their cloud journey—the most pressing of which is data breaches caused by weak access controls. "Not being able to control access or have proper access controls in place for their cloud resources is a top concern," he said.

Kumar outlines that the continuous challenge is ensuring users only have the access necessary for their roles, and nothing more. "The other challenge of course is consistently ensuring people have the right access, and that those privileges are in line with their day-to-day job functionalities," he added.

To address these threats, BeyondTrust focuses on "the core functionality... to ensure that people can securely access their resources, regardless of whether it's on-prem or in the cloud, and we specifically focus on privileged users," he said. The company's approach is built around three pillars: granting access, enforcing least privilege, and monitoring privileged sessions.

"Having consistent access policies across all these environments is a big challenge—and it just takes one mistake for attackers to gain advantage," Kumar pointed out. BeyondTrust's tools use a best-in-class approach to secure remote access, providing seamless connectivity across networks while allowing unified policy enforcement from a single point of control.

For Kumar, achieving the right balance between security and usability is key. "This ensures you have complete visibility to what your users are doing at the same time your users are not frustrated by having to use too many tools or go into too many different consoles," he said. The objective is to "provide the seamless access they would expect as they go about their day-to-day jobs."

"One of the biggest trends in the last year has been the shift to remote working," he noted. This shift presents challenges, particularly since employees at home often require broader access to perform basic IT-related tasks—something easily handled by in-office tech support prior to the pandemic but which now has the potential to expose companies to risk.

"A lot of organisations are trying to get around this by delegating admin rights to the users themselves so that they can carry out these tasks, which exposes them to a big risk as you are aware," Kumar explained. The threat of phishing has "risen by 500 percent or more over the last year specifically targeting this work-from-home users," he added.

BeyondTrust's endpoint privilege management offers a solution by letting employees complete necessary tasks without granting them admin-level access. One customer, a large regional organisation, faced exactly this problem. "By leveraging our endpoint privilege management on the cloud, we were able to set up quickly, define user access based on requirements, and push that across various desktops and users. This ensured users could do all the tasks they needed to, like installing programs or changing settings, without waiting for IT help—and productivity just jumped up," Kumar explained.

While streamlined remote access and privilege management have become standard expectations, innovation continues at pace. "BeyondTrust has been a big innovator," Kumar said proudly. He described the launch of DevOps Secret Safe, a new solution enabling organisations to centrally manage system credentials required for automation. "Having a centralised secrets management environment gives you complete audit trails in terms of who is accessing what and allows you to rotate and change these credentials based on your policy in a consistent manner," Kumar said.

Managing privileges in the cloud remains a significant pain point, given the complexity and fragmentation of cloud platforms. Kumar revealed that BeyondTrust will soon introduce a cloud privilege broker, providing consistent discovery of all user privileges, identifying anomalies, and reporting them to a central console for rapid corrective action.

The pace of change is unlikely to slow as companies adapt to new threats and working models. But Kumar remains confident that continuous innovation in privileged access management will keep organisations ahead of the curve. "We are consistently working on making new products more easy to use—and also more impactful to organisations," he said.