The Seven Deadly Sins of Privileged Account Management

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Next The Seven Deadly Sins of Privileged Account Management-7 Next

Storing passwords in a non-secure location

In lieu of using one password for all accounts, some users keep track of credentials manually, using Excel spreadsheets or, worse, sticky notes on their desks or PCs. Spreadsheets can be encrypted and password protected, but anyone with access to the spreadsheet can still see all of the network passwords, making it impossible to know who is accessing each network device. Passwords should always be stored somewhere securely, where user access can be controlled, monitored and restricted. Using an enterprise password management tool with strong encryption, granular permissions and full auditing simplifies the process and provides additional security.

The NSA scandal involving Edward Snowden's abuse of account passwords has raised major concerns around the risk posed by privileged insiders. Recently, the notoriously secretive Coca-Cola company suffered a high-profile data breach, which brings into question how often password theft and abuse occur unnoticed. Many organizations are now wondering how they can avoid the same risk from their own IT administrators and contractors who often have unfettered access to the keys to the IT kingdom: privileged IT passwords.

One area that continues to be vulnerable is the unmanaged privileged account. Privileged passwords are created and used by trusted IT administrators to maintain servers, configure services, and install new software or devices. These accounts are a constant risk, both from external hackers and curious or disgruntled insiders.

There are a number of common mistakes that IT administrators make when safeguarding privileged account passwords, but many can be easily avoided. Thycotic Software, a provider of privileged account management solutions for global organizations, has compiled a list of the "deadly sins" of privileged password management and tips for how IT administrators can keep their accounts secure.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

PAM PAM Solutions: Critical to Securing Privileged Access

To protect the company from those insiders who abuse their privileged access and from hackers with stolen credentials, many companies are turning to a privileged access management (PAM) solution. ...  More >>

Fake news How Can We Fix the Fake News Problem?

Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ...  More >>

blockchain The World According to Blockchain

Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.