The Seven Deadly Sins of Privileged Account Management

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Next The Seven Deadly Sins of Privileged Account Management-4 Next

Sharing passwords with more than one user at a time

Allowing more than one user to know the password to a privileged account increases the risk for malicious action. For example, imagine one of those employees leaves the company. It would be impossible to know if the current or previous employee is using the password. Now, say "deadly sin" #1 is also an issue: that password enables access to multiple accounts. Not only would the company not know who is using the password, but they wouldn't know exactly what is being accessed. By making passwords available to only one user at any given time, determining true accountability in the event of a breach becomes much more straightforward.

The NSA scandal involving Edward Snowden's abuse of account passwords has raised major concerns around the risk posed by privileged insiders. Recently, the notoriously secretive Coca-Cola company suffered a high-profile data breach, which brings into question how often password theft and abuse occur unnoticed. Many organizations are now wondering how they can avoid the same risk from their own IT administrators and contractors who often have unfettered access to the keys to the IT kingdom: privileged IT passwords.

One area that continues to be vulnerable is the unmanaged privileged account. Privileged passwords are created and used by trusted IT administrators to maintain servers, configure services, and install new software or devices. These accounts are a constant risk, both from external hackers and curious or disgruntled insiders.

There are a number of common mistakes that IT administrators make when safeguarding privileged account passwords, but many can be easily avoided. Thycotic Software, a provider of privileged account management solutions for global organizations, has compiled a list of the "deadly sins" of privileged password management and tips for how IT administrators can keep their accounts secure.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

PAM PAM Solutions: Critical to Securing Privileged Access

To protect the company from those insiders who abuse their privileged access and from hackers with stolen credentials, many companies are turning to a privileged access management (PAM) solution. ...  More >>

Fake news How Can We Fix the Fake News Problem?

Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ...  More >>

blockchain The World According to Blockchain

Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.