
Securing Privileged Accounts and Passwords Properly


(February 1, 2021) As threats to information security become more prevalent, whether from unpatched systems or outdated software, one often overlooked aspect is the importance of properly securing the privileged accounts and passwords needed to manage your IT environment.

A privileged account policy combined with an enterprise password management solution can dramatically improve security.  Together, these tools can help enforce policies that prevent credential compromise and mitigate risks from insider threats such as a disgruntled or rogue employee seizing control of critical systems.

What Are Privileged Accounts?

Privileged accounts provide high levels of access — such as the administrator credentials to the network, email, accounting systems, or cloud tenant.  They also bring with them high levels of risk as these accounts can perform important functions such as access control, user provisioning, and data manipulation.

Managing application or “service” accounts is also important. Application accounts are the credentials that software uses for such functions as interacting with databases, running scripts, and creating digital signatures.  These accounts typically have privileges to some of the most sensitive information in an organization and are a frequent target for compromise.

How Do Password Managers Work?

A password manager is an encrypted, software-based vault for storing credentials. Users need to remember only one strong password, which secures the vault.

There are several consumer-grade password managers available, which are low-cost or even free. They are designed to help users improve security by selecting and storing unique, strong passwords for each account.

The similarities between consumer-grade and enterprise password managers end there. Solutions designed for company-wide adoption allow for multiple users and feature multi-factor authentication, strong encryption, and a detailed audit trail of who accessed the vault and when.

What is Privileged Account Management?

It is common for IT admins to combine administrator and non-admin functions under one account they use for day-to-day access to the network. A privileged account management policy would require separate accounts for IT administration and non-administration functions. It also allows the use of extremely complex passwords or passphrases for privileged functions. All privileged account information is stored in an enterprise password manager. Only trusted IT admins have access to the password manager, and granular permissions restrict access to only those passwords required for a specific job function. A log of who accessed the password manager, and when, then provides an audit trail.

Enterprise password managers also help minimize the tendency to store and share privileged account information via insecure methods, such as email, text, Word, or Excel. Some solutions also enable automatic rotation of passwords without hindering IT operational processes. Password management workflows can also help ensure that no individual has the authority to unilaterally change credentials.

Summary

Privileged account management (PAM), when combined with an enterprise password manager, makes it possible to control access to privileged accounts and their credentials. With threats to privileged access becoming more widespread, whether from internal or external sources, securing and auditing account and credential access has never been more important.

ABOUT MAINSTREAM TECHNOLOGIES

Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region, including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.
