Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.
What Is a Privileged Access Workstation (PAW)?What Is a Privileged Access Workstation (PAW)?
Ask the Experts -- about a technological game of keep-away that protects the most precious resources from the greatest dangers.
Edge Editors
February 5, 2020
2 Min Read
(image by Tierney, via Adobe Stock)
Question: What is a privileged access workstation? And how does a PAW work?
Tal Zamir, co-founder and CEO of Hysolate: Workstations used by privileged users can easily become an attacker's shortcut into the heart of the enterprise. One best practice for protecting privileged user devices is providing each such user a dedicated operating system that is exclusively used for privileged access — a concept known as privileged access workstations (PAW).
Privileged access workstations are the actual devices people are using when they access those privileged accounts. Microsoft recommends that users access privileged accounts from a dedicated device or operating system that is only used for privileged activities.
Privileged access management refers to tools that manage privileged access (password vaults, access controls, privileged access monitoring, etc.). These solutions lock down who has access to privileged accounts, how long they have access, what they can do with that access, etc.
So to bring them together, the best practice is for a user to have a dedicated workstation (privileged access workstation) for privileged use. Upon logging into that workstation, the user would access privileged accounts through a privileged access management platform that would manage all of the access rights.
This dedicated workstation or OS mustn't be used for Web browsing, email, and other risky apps, and it should have strict app whitelisting. It shouldn't connect to risky external Wi-Fi networks or to external USB devices. Privileged servers must not accept connections from a non-privileged OS.
You must also keep the user's experience in mind. To avoid forcing users to use two separate laptops, consider leveraging virtualization technologies (e.g., VirtualBox/Hyper-V) that allow a single laptop to run two isolated operating systems side-by-side, one for productivity and one for privileged access. Also consider solutions dedicated to the concept of PAW.
Related Content:
About the Author(s)
You May Also Like
More Insights
Webinars
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023
Events