Privileged access management model for a managed service provider
Tuononen, Heikki; Tuononen, Heikki (2023)
2023
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2023052614542
https://urn.fi/URN:NBN:fi:amk-2023052614542
Tiivistelmä
Managed service providers operating as administrators in multiple customer environments need well-defined and secure means of providing access to their employees. The distinctive characteristic of a service provider’s access to customer resources is that the access is provided to the management plane using highly privileged credentials. A breach in such a scenario severely compromises the infrastructure of the customer organization. The service provider, in turn, is liable to compensation for damages and loss of credibility.
The main task was to use Telia Cygate’s existing access management model as a basis to develop an improved model and focus especially on privileged access management. An additional objective was to provide thorough documentation of the novel model including the reasoning behind the design decisions to improve the administration of the solution. Additionally, the documentation was aimed to offer an introduction to identity and access management in general, and to provide a starting point for extended development of the privileged access management solution.
To introduce the concepts related to privileged access management, a literary review was conducted. Organizational requirements for information security of the solution were gathered using the company documentation. Based on the requirements, a custom checklist of requirements was developed to function as a meter of compliance for the assessed solutions. The existing and suggested access management solutions were described and assessed using the custom checklist.
Assessments using the custom checklist indicated that the suggested model would improve compliance with organizational requirements. The documentation resulting from the literature review introduced the core concepts of identity and access management and described how privileged access management systems function. The description of the novel management solution served as basis for implementation and for the continued development, which was further discussed in the conclusions.
The main task was to use Telia Cygate’s existing access management model as a basis to develop an improved model and focus especially on privileged access management. An additional objective was to provide thorough documentation of the novel model including the reasoning behind the design decisions to improve the administration of the solution. Additionally, the documentation was aimed to offer an introduction to identity and access management in general, and to provide a starting point for extended development of the privileged access management solution.
To introduce the concepts related to privileged access management, a literary review was conducted. Organizational requirements for information security of the solution were gathered using the company documentation. Based on the requirements, a custom checklist of requirements was developed to function as a meter of compliance for the assessed solutions. The existing and suggested access management solutions were described and assessed using the custom checklist.
Assessments using the custom checklist indicated that the suggested model would improve compliance with organizational requirements. The documentation resulting from the literature review introduced the core concepts of identity and access management and described how privileged access management systems function. The description of the novel management solution served as basis for implementation and for the continued development, which was further discussed in the conclusions.