It's your first week back at work after the break (for many at least), and you're looking forward to the new year. Have you got a list of projects for 2021?
If you're involved in IT Operations or Infrastructure, your list might include closing out maintenance tasks like clearing the backlog of server updates that have been stacking up. Or perhaps you're planning more strategic work like strengthening and simplifying your remote working environment (clearly still a key capability in 2021). Or you want to finally clean up your network architecture, review and update your cybersecurity stack, speed up end-user remote access, ... or hundreds of other great ideas that are all important and add value to your organisation.
First on many lists might be projects to renew regulatory compliance. PCI DSS, Cyber Essentials, ISO 27001, DSP (for the NHS) or any number of other standards need annual review and re-certification. Another common factor: they all need management of privileged access to shared services, devices, and data.
Where is Privileged Access Management (PAM) in your list? If your answer is anywhere other than "No. 1" or, even worse, not on the list at all, now is the time to re-assess your priorities.
All the projects I listed above need some kind of administrator or privileged access to shared systems. That is, they use an account that has the power to make significant changes on that system. Those accounts are extremely valuable, especially to attackers, so they should only be used by senior and well-trained staff.
Most of the time, that might work fine. But it's too easy to make a mistake and have no record of what happened, or to leak those credentials (sometimes deliberately). The risks are even higher if that person happens to access the systems remotely or works for an external partner or supplier.
In short: if you can't protect that privileged access, then all your critical infrastructure and security systems are vulnerable. It's like leaving the key to your house in the lock outside the door.
Ensuring you have good PAM in place has to be the secure foundation for all IT Operations and Infrastructure changes. That doesn't mean that your other work has to slow down. In fact, it may even speed up because, with modern PAM, SysAdmins can have fast access to only the servers they need, and they can even automate tasks to reduce wait times or safely delegate tasks to others such as help desk agents.