Video Summary
In today's complex digital environments, establishing robust cyber security begins with effective classification - of data, networks, and identities. Intuitively, most organisations prioritise data classification first, and rightly so: data is at the heart of what both legitimate users and malicious actors seek to access. Categorising data by sensitivity and value forms the foundation for applying the appropriate protections. This enables identity and access management policies to be meaningfully enforced and guides network classifications, such as segmentation, to limit the impact of potential breaches. However, in cloud-first environments where traditional segmentation is more challenging, organisations often need to rely more heavily on controlling identity-based access. Each classification layer supports the next - data tells us what needs protection, identity determines who can access it, and network segmentation manages how it flows.
Even when data is appropriately marked and access controls appear sound, administrative privileges introduce a significant risk. Administrators often have too much access and are capable of bypassing security controls and reaching sensitive areas of the system. Attackers know this and exploit it, targeting admin accounts to move laterally across environments and extract valuable assets, such as password hash files or system configurations. To counteract this, organisations should adopt a tiered administration model, separating duties so that no single administrator has universal control. Access should be limited to what is strictly necessary - ideally just-in-time, time-bound, and heavily audited. When combined with comprehensive classification across data, networks, and identities, this layered approach dramatically reduces risk, limits the blast radius of any breach, and improves visibility for security teams. While implementation is complex and ongoing, the protection it affords is invaluable.
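As an added illustration (not from the video or from any product), the sketch below shows how the three classification layers and a tiered, just-in-time admin model can combine into one access decision. The tier numbers, zone names, account names and the rule that an admin identity works in exactly one tier are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed mapping: data classification -> admin tier (0 = most sensitive).
TIER_FOR = {"restricted": 0, "confidential": 1, "internal": 2}
# Assumed network classification: zones each tier may be administered from.
ZONES_FOR = {0: {"paw-vlan"}, 1: {"mgmt-vlan"}, 2: {"corp-lan"}}

@dataclass(frozen=True)
class Grant:
    admin: str
    resource: str
    expires: datetime  # time-bound: worthless after this instant

AUDIT = []  # every decision is recorded, denials included

def decide(admin, admin_tier, resource, classification, zone, grants, now):
    """Allow only when tier, source zone and a live JIT grant all agree."""
    tier = TIER_FOR[classification]
    if admin_tier != tier:
        reason = "tier mismatch"          # no identity spans tiers
    elif zone not in ZONES_FOR[tier]:
        reason = "zone not permitted"
    elif not any(g.admin == admin and g.resource == resource
                 and now < g.expires for g in grants):
        reason = "no live grant"
    else:
        reason = "ok"
    AUDIT.append((now.isoformat(), admin, resource, zone, reason))
    return reason == "ok"

def run_constructed_scenarios():
    """Constructed sample requests; returns the audit reason for each."""
    t = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    grants = [Grant("alice-t0", "dc01", t + timedelta(minutes=30))]
    cases = [
        ("alice-t0", 0, "dc01", "restricted", "paw-vlan", t),
        ("alice-t0", 0, "dc01", "restricted", "paw-vlan", t + timedelta(hours=1)),
        ("alice-t0", 0, "dc01", "restricted", "corp-lan", t),
        ("alice-t0", 0, "wiki", "internal", "corp-lan", t),
    ]
    out = []
    for admin, tier, res, cls, zone, now in cases:
        decide(admin, tier, res, cls, zone, grants, now)
        out.append(AUDIT[-1][-1])
    return out

if __name__ == "__main__":
    print(run_constructed_scenarios())
```

The same Tier 0 account is allowed once and denied three times: after its grant expires, from the wrong network zone, and against a lower-tier asset, with each outcome left in the audit trail.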