Four Common Challenges Related to Privileged Accounts

What problems do you face in managing your privileged accounts? Not sure? Let’s talk about the four most common problems we hear on this topic. I am guessing that some, if not all, will sound familiar.

1. Proliferation of Shared IDs

Occasionally, employees need to be given additional privileges to perform functions beyond their normal responsibilities. In these situations, organizations might allow privileged users to share one or more common user IDs.

Many companies find it easier to allow privileged users to share their user IDs because it bypasses the need to continually add and delete accounts as users come and go. However, this approach is undesirable because it leads to the proliferation of shared IDs, making it difficult to attribute a particular action to a specific individual. This level of anonymity removes an important deterrent against irresponsible or malicious acts by parties who know the passwords to business-critical systems.

2. Third-Party Access

Third parties play an increasingly important role in an organization’s IT ecosystem. However, many third parties may not be as secure as the organizations to which they provide services, making them prime entry points for attackers. It is especially important to monitor the activities of third-party vendors if they have access to critical IT systems.

3. Meeting Compliance Obligations

It is critical for organizations to enforce compliance with industry regulations such as the Sarbanes-Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA). IT leaders must have systems and processes in place to prove that they are following these standards. However, mismanagement of privileged accounts continues to be a recurring theme in IT security audits.

4. Privilege Creep

Privilege creep is the phenomenon by which employees accumulate high levels of access to IT infrastructure, some of which they are not entitled to have. It occurs when employees obtain login privileges for new systems while retaining access to old ones, even as they change roles and move across the organization. It is important to correlate current permissions and roles with the actual business needs of privileged users on a regular basis.
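The periodic correlation described above can be sketched as a small entitlement review. This is an added example, not code from IBM Security Privileged Identity Manager; the role baselines, users, entitlement strings and dates are constructed, and it assumes HR role history and an entitlement export are available as simple records.

```python
from datetime import date

# Constructed sample data; role names, users and entitlement strings are hypothetical.
ROLE_BASELINE = {
    "dba": {"db-prod:admin", "db-stage:admin"},
    "network-eng": {"fw-mgmt:admin", "router-core:admin"},
}
# user -> (current role, date the user moved into that role)
CURRENT_ROLE = {
    "alice": ("network-eng", date(2016, 9, 1)),
    "bob": ("dba", date(2015, 3, 15)),
}
# (user, entitlement, date granted)
ENTITLEMENTS = [
    ("alice", "db-prod:admin", date(2015, 1, 10)),
    ("alice", "fw-mgmt:admin", date(2016, 9, 2)),
    ("alice", "router-core:admin", date(2016, 9, 2)),
    ("bob", "db-prod:admin", date(2015, 3, 16)),
    ("bob", "db-stage:admin", date(2015, 3, 16)),
    ("bob", "fw-mgmt:admin", date(2016, 11, 20)),
    ("carol", "db-prod:admin", date(2014, 6, 1)),
]


def review_entitlements(entitlements, current_role, role_baseline):
    """Return sorted (user, entitlement, reason) findings for access the
    user's current role does not justify."""
    findings = []
    for user, entitlement, granted in entitlements:
        if user not in current_role:
            # Access held by someone with no current role record at all.
            findings.append((user, entitlement, "no-role-record"))
            continue
        role, since = current_role[user]
        if entitlement in role_baseline.get(role, set()):
            continue  # justified by the current role
        # Granted before the role change: carried over from an old role.
        # Granted after it: an ad hoc grant outside the role baseline.
        reason = ("retained-from-previous-role" if granted < since
                  else "outside-role-grant")
        findings.append((user, entitlement, reason))
    return sorted(findings)


if __name__ == "__main__":
    for user, entitlement, reason in review_entitlements(
            ENTITLEMENTS, CURRENT_ROLE, ROLE_BASELINE):
        print(f"{user:6} {entitlement:18} {reason}")
```

Separating access retained from an earlier role from grants made outside the role baseline lets reviewers route each finding to the right owner: the former to the user's previous manager, the latter to whoever approved the exception.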

Learn More About Managing Privileged Accounts

Do you face similar issues while managing your privileged accounts? The IBM Security team will be at InterConnect 2017, which will be held in Las Vegas from March 19 to 23. If you are attending the conference, please drop by our booth to talk to us about your experience in managing privileged accounts.

In the meantime, tools such as IBM Security Privileged Identity Manager (PIM) automate the use of privileged identities to help mitigate insider threats and improve security across the organization. They are designed to tackle the typical challenges associated with managing privileged access of the expanding user population without sacrificing ease of use and productivity.
