Victoria University uses ThycoticCentrify Secret Server to address security challenges around privileged users and accounts and progressively strengthen its security posture.
ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders Thycotic and Centrify, has announced that it is working with Australian universities to adopt the federal government’s Essential Eight cyber mitigation strategies.
The education sector continues to be a key target for cyberattack. In the second half of 2020 the Asia Pacific education sector experienced a 21% increase in cyberattacks, compared with just an average 3.5% increase across all other sectors.
A new case study demonstrates how one of ThycoticCentrify’s customers, Victoria University, has implemented privileged access management strategies – a key part of the Essential Eight – to improve its cybersecurity posture.
ThycoticCentrify has a number of other higher education customers in Australia following a similar path, with security initiatives becoming more urgent after high-profile data breaches in the sector. It is estimated that more than 80% of successful data breaches – including the cyberattack on the Australian National University revealed in 2019 – target privileged accounts.
Privileged access management works by restricting the data access that systems users have to a minimum. It also safeguards passwords and other credentials associated with administrator and other ‘privileged’ accounts – often called ‘the keys to the kingdom’ – and monitors their use to detect suspicious behavior.
Universities are adopting privileged access management to improve cybersecurity because:
• It is a newer, more effective and generally less widely implemented strategy than many previously employed
• It is a key part of the Essential Eight cyber mitigation strategies which prevent the vast majority of cybersecurity incidents
• Universities need to demonstrate progress in adopting the Essential Eight, which privilege management allows them to do relatively easily
• Privilege management solutions like ThycoticCentrify’s are more mature, cost-effective, easier to adopt, and less disruptive to staff than many alternative solutions
When Nitin Singh, Director, VU Cyber for Victoria University, first evaluated strategies to improve VU’s security posture, he identified governance, management and visibility around privileged user and account management as key challenges. Historically, password and access management for privileged users across VU was manual, inconsistent and lacked oversight and audit controls. Singh also found that use of shared and default credentials across privileged accounts posed a significant risk, making VU an easy target for cyberthreats.
“We’ve overcome these challenges by adopting a practical, rational and risk-based approach,” said Singh. “Our mantra of using fit-for-purpose technology solutions led us to Thycotic. We were able to start small, get our IT staff comfortable with the product and are now expanding use of Thycotic across our critical business applications.”
Thycotic’s Secret Server solution has become much more than a privileged credential vault.
“We are now planning to extend its use for access governance, session recording and integration with our Security Information and Event Management solutions,” said Singh. “It has brought in much needed simplification and consistency, along with strengthening VU’s security posture.”
“Many Australian universities are now well down the privilege management path,” said Andrew McAllister, the Adelaide-based VP for ThycoticCentrify Asia Pacific. “Most start with the discovery of key accounts and password management – making sure credentials cannot be exposed to attackers. They quickly progress to monitoring suspicious use of privileged accounts and, over time, restricting access to a minimum.”
Scott Hagenus, Senior Sales Manager for emt Distribution, a rhipe company, which manages ThycoticCentrify’s distribution channel in Australia and New Zealand, said: “The Essential Eight and many if not all of the Australian Government Information Security Manual’s mitigation strategies are key to higher education institutions ensuring a consistent approach to threat mitigation.
“ThycoticCentrify meets this challenge head on when it comes to privilege access and activity.”
Channel partner companies play a vital role in strengthening cybersecurity, said Hagenus. “The understanding and close connection with the various models our education institutions have – coupled with the incredibly strong backing ThycoticCentrify give their channel – perfectly places our partners to assist higher education get the best privilege access controls in place, that fit their needs,” he said.Click below to share this article