In June 2013, the Monetary Authority of Singapore (MAS) introduced the Technology Risk Management Guidelines, a comprehensive document setting out risk management principles. It contains best practices to help financial institutions protect sensitive information and transactions and discover secret weaknesses in the cybersecurity policy.
In part 11.2 of the TRM Guidelines ‘Privileged Access Management’, the MAS attracts the attention of financial institutions to the importance of implementing such class of solutions as PAM software. It says: “System administrators, IT security officers, programmers and staff performing critical operations invariably possess the capability to inflict severe damage on critical systems they maintain or operate by virtue of their job functions and privileged access.” Not only Indeed Privileged Access Manager prevents such serious threats and enhances the company’s cybersecurity, but it also assists to comply with the MAS regulations. Why so?
By out-of-box capabilities, Indeed PAM can
- Implement two-factor authentication for privileged users. The authentication methods are password and OTP (One-Time Password).
- Provide strict control over remote access of privileged users. + Remote access control is a standard feature of the Indeed PAM that allows providing access to the organization’s network to both contractors and employees outside the office.
- Audit and, if needed, restrict the number of privileged users. The main way to reduce the number of privileged users is to put the limits to having the privileged rights of the employees. To get privileged access, Indeed PAM can provide a separate account with elevated rights. The Indeed PAM administrator determines when such an account can be used and what resources can be given access to. Also, your employees will not know the passwords of accounts with elevated rights, and all actions performed in the session will be logged.
- Grant privileged access on a “need-to-have” basis. Through the use of access policies and permissions, the software regulates and manages users and their rights and responsibilities.
- Logging all system events performed by privileged users. Apart from it, Indeed PAM makes video records of all privileged sessions.
- Prevent privileged users from accessing systems logs in which their activities are being captured. Such an action can be done only by Indeed PAM Admin.
- Regularly oversee the privileged users’ activities. The solution is capable of watching over any users’ activities, such as attempts to relocate and change the company’s data
- Prohibit sharing of privileged accounts. For critical privileged accounts, there is also an exclusive use mode. If one of the employees uses an account with exclusive use for work, then no other employees will be able to use it until the end of the session.
- Prevent third-party users from having privileged access to the company’s information systems without close supervision. Indeed PAM can control what resources, what period of time, and what users the access should be given to. It helps to granularly distribute the access rights as required by the company’s needs and cybersecurity program.
- Protect backup copies of critical systems by providing access to them through the Indeed PAM.
Privileged users will also appreciate a robust, yet user-friendly tool that is easy to use and fast to deploy. The software UI and architecture make the user experience smooth and easy.
Do not miss our special offer for those companies that are in urgent need of PAM. Sign the contract and get your PAM licenses now – pay in 30 days. With minimum efforts from your side, your company will get fully controlled privileged access within one day.
Who said that compliance is a long process? We prove it wrong. If you want to deploy Indeed PAM as soon as possible request a consultation.
The post Indeed PAM brings financial institutions to MAS compliance – fast and easy appeared first on Indeed-ID Blog.