We would like to keep you up to date with the latest news from Digitalisation World by sending you push notifications.
Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
Service accounts characteristically do not correspond to a user; rather, these are accounts that are used by software to access and interact with other software, devices or data. The passwords for service accounts frequently remain unchanged in the interest of avoiding the loss of this interconnectivity. But service accounts left ungoverned, with default password settings in place, make your organisation particularly vulnerable to a data breach. In fact, the now infamous Target breach began when hackers gained network access via a service account created automatically by a software installation. The attack eventually cost the company an estimated $2.2 billion.
Based on evaluations of access risk recently conducted by Courion at dozens of leading corporations, IT security organisations typically underestimate the number of service accounts with elevated access rights that exist and which have not had a password reset in 365 days or more. For example, Courion found 500 or more service accounts with default password settings in place at several organisations.
By the time an annual or semi-annual audit reveals that service accounts represent access risk, a hacker may be long gone with company-critical data. To address this, Courion offers an evaluation of access risk which leverages Access Insight™, an identity and access intelligence solution, to analyse password reset history, login history, privilege patterns, ownership, and more to determine accounts that may be service accounts and which may represent a high risk of compromise. A prioritised view of where remedial action is needed most is also provided.
“Our access risk quick scans are eye-opening for many CISOs, CIOs and Chief Risk Officers. It’s impossible with traditional IAM technologies to see through the complexity of an organisation’s identity and access infrastructure to identify possible access risks, but Access Insight allows you to do exactly that,” said Chris Zannetos, CEO of Courion. “Identity and Access Intelligence is not just a nice to have, it is required to get ahead of hackers, corral out-of-policy access provisioning, and turn certification from a rubber stamping exercise into an effective control.”
