August 21, 2018 By Stefan Köhler 3 min read

When an IT administrator or other privileged user leaves an organization, the security team must take care to determine which systems he or she could access, and what data, if any, he or she accessed on the way out the door — especially if the outgoing administrator is in any way disgruntled.

But how can organizations gain the visibility they need to monitor their most sensitive accounts and databases? A privileged account management solution is a great place to start.

The IT Administrator Challenge

IT administrators have access to most of the systems, applications and technologies within an organization. This means that they have sufficient privileges to potentially cause harm to the organization by manipulating data, destroying important services or stealing intellectual property.

Since many privileged accounts are shared between several administrators, removing these accounts is not a viable option, and the process of changing passwords for such accounts can be arduous. In addition, it’s difficult for security teams to see exactly how many accounts an outgoing administrator has access to — it could be hundreds. Removing or securing all these credentials manually requires a significant investment in time and resources.

Even if the security team manages to block the outgoing administrator from accessing privileged accounts, it must still determine which accounts were accessed the last time the administrator logged in and what activity he or she conducted while inside the database. To gain this visibility, security teams must invest in either:

  • A centralized monitoring solution that analyzes activity on all systems and applications; or
  • A session-recording solution that records all the administrator’s activities when using privileged accounts.

Although both options require manual activities, they are critical tasks if the organization suspects that an outgoing administrator might conduct harmful activity on the way out.

What Does a Privileged Account Management Solution Do?

Fortunately, there are privileged account management (PAM) solutions available to automate these processes while producing the necessary documentation. This documentation is required by a wide range of compliance regulations, many of which focus explicitly on the management of privileged accounts.

PAM solutions can cover all of the above-mentioned challenges and more. The functionality mostly includes:

  • Secure storage of account credentials, meaning an admin no longer needs to know the credentials;
  • Automatic discovery of administrative accounts;
  • Controlled access to privileged accounts by permitted administrators, including automatic logins;
  • Recording of administrative sessions; and
  • Manual and automatic password rotation for one or all administrator accounts.

How Else Can PAM Help Boost Data Security?

While the main use case of a PAM solution is to allow administrators to securely access privileged accounts, there are additional scenarios where such a tool can be used.

Administrators aren’t the only ones who need access to certain accounts; developers also need test accounts in various systems. Managing these — especially in an DevOps environment — is just as complex as managing shared administrator accounts. A PAM solution can help provide the right developers with the right test accounts at the right time.

In addition, there is another oft-forgotten group of accounts that must have the passwords changed from time to time: technical and application accounts. There is likely not even an overview of all these accounts, and their passwords will almost certainly not be changed periodically, even if regulations require this. The problem is that it is not always clear which application uses this account. A PAM solution provides an overview of all such accounts, discovers the dependent services, changes the password in all places at once and restarts the services in the correct order.

Whether you need to manage administrator access, privileged users or application accounts, a PAM solution can provide the security team with robust protection capabilities to keep data safe from risks associated with outgoing administrators.

Read the e-book: Privileged Account Management for Dummies

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today