Privileged Account Management Remains Problematic

November 9, 2017 @ 3:20 PM
| |
2 min read

Privileged accounts are great targets for threat actors because fraudsters with high levels of access can cause data leaks of greater significance. A new survey by One Identity revealed that problems related to privileged account management put sensitive enterprise data at risk.

The survey, which queried 900 security professionals from around the world, found that 86 percent of organizations do not consistently change privileged account passwords after each use. Even worse, 40 percent of respondents neglect to change default administrator passwords.

Problems With Privileges

The report detailed other failures to follow security best practices. For example, only 54 percent of respondents use a password vault to protect privileged accounts. Furthermore, while 95 percent of respondents said they log or monitor high-level access to some degree, only 43 percent monitor all privileged access. This negligence could enable credential-stealing threat actors to move throughout the network without causing any alarm.

Meanwhile, 32 percent of respondents said they were unable to definitively identify administrator activities. This is no surprise, since 46 percent of respondents have multiple administrators who share common credentials.

Too Many Tools

The survey found that organizations employ various tools for privileged access management, including Microsoft Excel (36 percent) and internally developed scripts (37 percent). In fact, a 2016 Thycotic survey revealed that 70 percent of security professionals used either “homegrown” solutions or no tools at all to manage privileged accounts.

Other common tools include permissions delegation software (25 percent) and paper-based log books (18 percent), according to the One Identity report. Further muddying the waters, two-thirds of respondents said they used multiple tools for privileged account management, while 13 percent reported using four or more.

Mitigating Privileged Account Management Risks

Security teams should consider ways to improve their privileged account management practices. Some organizations might benefit from implementing a comprehensive approach to password management in general, not just for privileged accounts.

An integrated identity and access management (IAM) solution that contains a high-security password vault for the most important accounts can also lend added security to the entire system, and ensure that credentials can be controlled and modified as users’ needs change over time. By dealing holistically with all accounts, security professionals can mitigate the problems specific to privileged account management.

Larry Loeb
Principal, PBC Enterprises

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE mag...
read more