Keeping the Keys to the Castle: Mitigating Privileged Account Password Security Risks
When it comes to password security, most organizations focus on making sure access to privileged accounts is given to those who need it and that access is secure. However, when those system administrators move on or their job role changes, organizations aren’t always as persistent in revoking their existing access.
The Password Security Problem
A Ponemon Institute survey of IT professionals around the world found that the majority of professionals have access to company data they didn’t need to perform their jobs.
The reason password security poses such a significant threat to enterprises is that unfettered access gives employees the ability to:
- Breach personal data;
- Complete unauthorized transactions;
- Cause denial-of-service attacks; and
- Hide activity by deleting audit data.
Privileged accounts pose a challenge to IT because they don’t belong to individual users; they’re usually shared by many administrators, and those administrators may share passwords for privileged accounts across thousands of devices.
But when a system administrator leaves the company, the passwords they used often remain unchanged, leaving the enterprise vulnerable to attack by former employees and contractors.
So how do enterprises mitigate the password security risks associated with privileged accounts? Some organizations address this challenge by periodically changing passwords and storing those codes in a safe, but this poses a few obvious problems.
First, the system administrator may not have access to the passwords in the event of an after-hours emergency. Even worse, an on-site disaster such as fire or flood can make a privileged password database unavailable at other sites. This threat of downtime or compromised access is not practical and sends many organizations in search of a more secure solution.
Finding a Solution
A better solution for most organizations would be to install a privileged access management system. According to a recent report, such a system can help an enterprise mitigate risks by ensuring that:
- Passwords associated with privileged accounts are periodically randomized.
- IT staff are personally authenticated prior to requesting, approving or gaining access to a privileged account.
- Password changes are coordinated between back-end systems and the front-end programs that need to use them.
- Access disclosure takes a variety of forms and doesn’t display passwords to users.
- Login sessions are recorded — noting who connected to a given account on which system at what time from what device — and may even include screen capture and keylogging.
Of course, while the addition of a privileged access management system helps organizations address baseline risks, it does pose some problems of its own. First of all, disclosure of passwords would allow intruders to impersonate any privileged user. Even worse, damage to the credential vault or loss of access to the database would create an operational disaster across entire organization, locking administrators out of every system.
For that reason, organizations must also take steps to protect the access management system itself by following established best practices. These include the ability to:
- Protect the access management system’s credential vault against disclosure;
- Design the system to ensure high availability;
- Protect the password change process against race conditions;
- Ensure that the password change process supports the recovery of managed systems from backup media.
The addition of a privileged access management system gives organizations the ability replace well-known, static and insecure passwords with frequent password changes, strong and personal authentication, fine-grained authorization logic and extensive audit logs.
While deploying a privileged access management system is not without its risks, using a managed identity and access management service can help protect organizations from catastrophic losses of confidentiality, integrity or availability that could result from a system failure. Ultimately, organizations must take care to deploy a system in a way that is robust, fault-tolerant and secure.