With cyberthreats escalating in complexity and frequency, organisations across Asia must rethink their approach to securing privileged accounts. These are accounts with elevated access to critical systems and sensitive data, and the ability to create or modify user accounts, install software, back up data, update security settings and patches, and change system configurations.
A lapse in privileged access security can lead to severe operational disruptions, credential-stuffing attacks, and data breaches. Stolen credentials were the second most common cause of identity-related incidents experienced by organisations globally last year. Just recently, some stock trading accounts in Malaysia were hacked, with instances of failed logins, unauthorised access, and unauthorised trading activities reported on a limited group of accounts. These compromised accounts were reportedly ones that typically require execution through their respective brokerage firms. This underscores why organisations must prioritise identity security to manage tasks that require privileged access.
According to a SailPoint survey, 66% of IT professionals globally perform tasks that require privileged access daily. Alarmingly, 80% of companies lack the ability to fully track and audit these tasks. With privileged access widely distributed across multiple cloud environments and third-party service providers, businesses struggle to maintain visibility and control, often resulting in excessive privilege allocation.
The cost of excessive privileged access
Excessive privilege allocation occurs when employees are given more access than is necessary for their roles, increasing exposure to both external and internal risks. Without sufficient access controls, the impact of a security breach can be far-reaching. At the same time, relying on manual processes to manage privileged tasks introduces inefficiencies and increases the likelihood of human error, potentially leading to compliance violations or overlooked threats.
To keep organisations running smoothly, IT operations teams must execute several maintenance tasks that require privileged credentials to unlock access to critical assets. While some ad hoc tasks require specialised skills, many involve routine, repetitive, and manual processes. A single-team approach to task execution, coupled with a growing backlog of responsibilities, often results in delays and operational bottlenecks.
To complicate matters, most privileged credentials used for repetitive tasks grant users broad, always-on access. This poses a significant risk, especially as many data breaches today involve the compromise of privileged accounts.
Balancing security and productivity through automation
To address these challenges, organisations must adopt a holistic approach to simplify the creation, assignment, and management of tasks that require privileged credentials. By automating and delegating common and repeatable privileged tasks, they can enhance operational efficiency and accuracy. Automation reduces the risk of compromise by eliminating the need for users to directly access credentials and by granting just-in-time access to resources, minimising the risks associated with persistent access.
Automation also enables organisations to track key metrics and actions related to privileged tasks, and to support compliance by ensuring that regulatory requirements are met without manual intervention. According to the same SailPoint survey, 93% of respondents said that all privileged tasks should be tracked and auditable. However, only 52% of companies have policies requiring that all such tasks be auditable, and just 57% have complete visibility into every privileged task executed.
Automating privileged tasks complements privileged access management (PAM) technologies by enabling the assignment of specific tasks that would typically require full session-level access. This approach allows secure task execution while accelerating workflows.
The PAM market is experiencing strong growth, driven by the increasing complexity of cyberthreats and tightening regulatory demands. The global market was valued at US$3.6 billion in 2024 and is projected to grow at a CAGR of 23.3% from 2025 to 2034. This growth reflects rising demand for secure identity management practices to mitigate the risks associated with data breaches and insider threats.
To strengthen security and operational efficiency, it is essential to regularly validate privileged task assignments and remove access as organisational needs evolve. This ensures that only those with the appropriate entitlements and an active need for access retain it, reducing the risk of insider threats or accidental misuse.
This practice also limits exposure of critical systems and data by preventing outdated or unnecessary privileges from lingering beyond their required timeframe. As employees change roles or leave the organisation, timely adjustment or removal of access rights ensures that privileged tasks do not remain accessible inappropriately. Proactive validation also supports compliance with security standards and regulatory frameworks, helping to safeguard assets and reduce the risk of unauthorised access.
