Reduce the Risk of a Security Breach When Sharing Privileged Accounts
Partners, employees, contractors, customers and others access, or try to access, your most valuable company assets on a daily basis. Each individual or group represents a high risk if their privileges are not managed properly. Time and time again we see an employee or a contractor fall victim to a phishing attack, after which the compromised credentials are used to move laterally through your environment.
This can be especially damaging if the account that has been compromised is a shared account:
- Shared accounts are commonly used on more than one application or resource. Think of the admin account for your servers or networking devices. Most likely a lot of resources use the same credentials.
- A shared account makes it that much harder to pinpoint who has been compromised.
- In most cases, a lot of systems need to be touched to “fix” the problem.
Reduce Your Risk with Shared Account Password Management
As you explore the right tools to reduce the risk from shared accounts and privilege management, think about the following:
- To control costs, plan ahead for evolving requirements. Look for tools that solve more than just that “one” problem you are trying to solve, because an account that is shared with others is most likely also an account with “too much” privilege.
- Make sure that high-value features like multi-factor authentication (MFA), high availability (HA), privileged account management (PAM) and role-based access controls (RBAC) are part of the solution.
- Look for solutions that support session monitoring, so that there is accountability and visibility for privileged activity.
- Do not forget about your nonhuman service and application accounts. Nonhuman accounts are major sources of operational and security risk. Companies need a tool that allows them to eliminate hard-coded, plaintext account passwords from scripts and applications.
Centrify Infrastructure Services allows partners, contractors and employees access to shared account passwords, while maintaining control over who has access, which account passwords they have access to and how those passwords are managed. Enterprises can secure and manage super-user, service, and application accounts on servers and network devices, both on-premises and in the cloud.
Authorized users can access resources using shared accounts without knowing the passwords. Centrify will not expose the passwords and will deny any unauthorized access. In case of emergency access, authorized users can check out passwords for shared accounts, including service, application and database accounts, for a limited duration. Centrify Infrastructure Services can take full control of passwords and automatically change the password once the checkout expires.