March 3, 2017 By Rahul Agarwal 2 min read

Four Common Challenges Related to Privileged Accounts

What problems do you face in managing your privileged accounts? Not sure? Let’s talk about the four most common problems we hear on this topic. I am guessing that some, if not all, will sound familiar.

1. Proliferation of Shared IDs

Occasionally, employees need to be given additional privileges to perform functions beyond their normal responsibilities. In these situations, organizations might allow privileged users to share one or more common user IDs.

Many companies find it easier to allow privileged users to share their user IDs because it bypasses the need to continually add and delete accounts as users come and go. However, this approach is undesirable because it leads to the proliferation of shared IDs, making it difficult to attribute a particular action to a specific individual. This level of anonymity removes an important deterrent against irresponsible or malicious acts by parties who know the passwords to business-critical systems.

2. Third-Party Access

Third parties play an increasingly important role in an organization’s IT ecosystem. However, many third parties may not be as secure as the organizations to which they provide services, making them prime entry points for attackers. It is especially important to monitor the activities of third-party vendors if they have access to critical IT systems.

3. Meeting Compliance Obligations

It is critical for organizations to enforce compliance to industry regulations such as the Sarbanes-Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA). IT leaders must have systems and processes in place to prove that they are following these standards. However, mismanagement of privileged accounts continues to be a recurring theme in IT security audits.

4. Privilege Creep

Privilege creep is the phenomenon by which employees accumulate high levels of access to IT infrastructure, some of which they are not entitled to have. It occurs when employees obtain login privileges for new systems while retaining access to old ones, even as they change roles and move across the organization. It is important to correlate current permissions and roles with the actual business needs of privileged users on a regular basis.

Learn More About Managing Privileged Accounts

Do you face similar issues while managing your privileged accounts? The IBM Security team will be at InterConnect 2017, which will be held in Las Vegas from March 19 to 23. If you are attending the conference, please drop our booth to talk to us about your experience in managing privileged accounts.

In the meantime, tools such as IBM Security Privileged Identity Manager (PIM) automate the use of privileged identities to help mitigate insider threats and improve security across the organization. They are designed to tackle the typical challenges associated with managing privileged access of the expanding user population without sacrificing ease of use and productivity.

More from Identity & Access

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today