The Seven Deadly Sins of Privileged Account Management

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Next The Seven Deadly Sins of Privileged Account Management-4 Next

Sharing passwords with more than one user at a time

Allowing more than one user to know the password to a privileged account increases the risk for malicious action. For example, imagine one of those employees leaves the company. It would be impossible to know if the current or previous employee is using the password. Now, say "deadly sin" #1 is also an issue: that password enables access to multiple accounts. Not only would the company not know who is using the password, but they wouldn't know exactly what is being accessed. By making passwords available to only one user at any given time, determining true accountability in the event of a breach becomes much more straightforward.

The NSA scandal involving Edward Snowden's abuse of account passwords has raised major concerns around the risk posed by privileged insiders. Recently, the notoriously secretive Coca-Cola company suffered a high-profile data breach, which brings into question how often password theft and abuse occur unnoticed. Many organizations are now wondering how they can avoid the same risk from their own IT administrators and contractors who often have unfettered access to the keys to the IT kingdom: privileged IT passwords.

One area that continues to be vulnerable is the unmanaged privileged account. Privileged passwords are created and used by trusted IT administrators to maintain servers, configure services, and install new software or devices. These accounts are a constant risk, both from external hackers and curious or disgruntled insiders.

There are a number of common mistakes that IT administrators make when safeguarding privileged account passwords, but many can be easily avoided. Thycotic Software, a provider of privileged account management solutions for global organizations, has compiled a list of the "deadly sins" of privileged password management and tips for how IT administrators can keep their accounts secure.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

IT security careers The Most In-Demand Security Jobs and How to Get Them

Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths. ...  More >>

142x105itbeusasecurity2.jpg 9 Predictions for Cybersecurity’s Role in Government and Politics in 2017

Experts predict how cybersecurity will affect and involve our government, policies and politics in 2017. ...  More >>

Shadow IT Security How Risky Behaviors Hurt Shadow IT Security

Examine some of the concerns involving shadow IT security and some of the riskiest behaviors, applications and devices. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.