August 21, 2018 By Stefan Köhler 3 min read

When an IT administrator or other privileged user leaves an organization, the security team must take care to determine which systems he or she could access, and what data, if any, he or she accessed on the way out the door — especially if the outgoing administrator is in any way disgruntled.

But how can organizations gain the visibility they need to monitor their most sensitive accounts and databases? A privileged account management solution is a great place to start.

The IT Administrator Challenge

IT administrators have access to most of the systems, applications and technologies within an organization. This means that they have sufficient privileges to potentially cause harm to the organization by manipulating data, destroying important services or stealing intellectual property.

Since many privileged accounts are shared between several administrators, removing these accounts is not a viable option, and the process of changing passwords for such accounts can be arduous. In addition, it’s difficult for security teams to see exactly how many accounts an outgoing administrator has access to — it could be hundreds. Removing or securing all these credentials manually requires a significant investment in time and resources.

Even if the security team manages to block the outgoing administrator from accessing privileged accounts, it must still determine which accounts were accessed the last time the administrator logged in and what activity he or she conducted while inside the database. To gain this visibility, security teams must invest in either:

  • A centralized monitoring solution that analyzes activity on all systems and applications; or
  • A session-recording solution that records all the administrator’s activities when using privileged accounts.

Although both options require manual activities, they are critical tasks if the organization suspects that an outgoing administrator might conduct harmful activity on the way out.

What Does a Privileged Account Management Solution Do?

Fortunately, there are privileged account management (PAM) solutions available to automate these processes while producing the necessary documentation. This documentation is required by a wide range of compliance regulations, many of which focus explicitly on the management of privileged accounts.

PAM solutions can cover all of the above-mentioned challenges and more. The functionality mostly includes:

  • Secure storage of account credentials, meaning an admin no longer needs to know the credentials;
  • Automatic discovery of administrative accounts;
  • Controlled access to privileged accounts by permitted administrators, including automatic logins;
  • Recording of administrative sessions; and
  • Manual and automatic password rotation for one or all administrator accounts.

How Else Can PAM Help Boost Data Security?

While the main use case of a PAM solution is to allow administrators to securely access privileged accounts, there are additional scenarios where such a tool can be used.

Administrators aren’t the only ones who need access to certain accounts; developers also need test accounts in various systems. Managing these — especially in an DevOps environment — is just as complex as managing shared administrator accounts. A PAM solution can help provide the right developers with the right test accounts at the right time.

In addition, there is another oft-forgotten group of accounts that must have the passwords changed from time to time: technical and application accounts. There is likely not even an overview of all these accounts, and their passwords will almost certainly not be changed periodically, even if regulations require this. The problem is that it is not always clear which application uses this account. A PAM solution provides an overview of all such accounts, discovers the dependent services, changes the password in all places at once and restarts the services in the correct order.

Whether you need to manage administrator access, privileged users or application accounts, a PAM solution can provide the security team with robust protection capabilities to keep data safe from risks associated with outgoing administrators.

Read the e-book: Privileged Account Management for Dummies

More from Identity & Access

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Taking the complexity out of identity solutions for hybrid environments

4 min read - For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to realize that this ultimate goal is a fantasy. Instead, businesses must learn how to consistently and effectively manage user identities across multiple IAM platforms and directories. As cloud migration and digital transformation accelerate at a dizzying pace, enterprises are left…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today