Exposing haphazard privileged account management practices

Dell has published the results of a global security survey that reveals organisations have haphazard processes for managing administrative or other privileged accounts, making businesses vulnerable to security breaches. Responses from IT security professionals around the world reveal that 76 percent believe better control of privileged accounts would reduce the likelihood of a breach. Nearly 80 percent of respondents have a defined process for managing privileged accounts, but are not diligent about following it. In fact, almost 30 percent say they still use manual processes such as Excel or other spreadsheets to manage privileged accounts. Not only are these manual processes prone to error and easily compromised, they impede quick resolution in time-critical situations.

 

Eighty-three percent of survey respondents face many challenges with managing privileged accounts and administrative passwords, ranking the following as the top three most critical privileged account management (PAM) challenges facing their organisations:

1.    Default admin passwords on hardware and software are not consistently changed (37 percent)

2.    Multiple admins share a common set of credentials (37 percent)

3.    Inability to consistently identify individuals responsible for administrator activities (31 percent)

Although more than 75 percent say they have a defined process for changing the default admin password on hardware and software as new resources are brought into the organisation, only 26 percent said they change admin passwords monthly on mission critical systems and devices.

 

Lack of well-defined password and reporting practices present challenges

Survey respondents identified delegation (the ability to implement a least-privileged model of admin activity, in which admins are given only sufficient rights to do their job) and password vaulting (the ability to automate storage, issuance and changing of administrative credentials) as the administrative or privileged account management practices most critical to their organisations. However, less than half say they have a regular cadence of recording, logging or monitoring administrative or other privileged access. The lack of a standard, enforced approach, coupled with a multitude of software tools and manual processes for managing privileged accounts, makes the business susceptible to hackers, and exposes corporate data to possible breach.

 

Prevention of both breaches and insider attacks has become a major driver for the adoption of PAM solutions. According to a recent Gartner “Market Guide for Privileged Access Management” report, “adoption of PAM products by organisations is often partial, leaving gaps that translate to risk.” It notes that “prevention of both breaches and insider attacks has become a major driver for the adoption of privileged access management (PAM) solutions, in addition to compliance and operational efficiency. And by 2017, more stringent regulations around control of privileged access will lead to a rise of 40% in fines and penalties imposed by regulatory bodies on organisations with deficient PAM controls that have been breached.”¹

 

Dell offers best practices for securing privileged accounts and alleviating risk to the business

A successful privileged account management strategy should take an integrated approach to addressing PAM challenges. Dell offers the following best practices for implementing an automated, controlled approach to privileged access management that secures the business today and alleviates risk:

1.    Take an inventory of the organisation’s privileged accounts, including users, and the systems that use them.

2.    Ensure that privileged passwords are stored securely, and enforce strict requirements for access request and change management processes for privileged passwords.

3.    Whenever possible, ensure individual accountability and least-privileged access.

4.    Log and/or monitor all privileged access.

5.    Audit use of privileged access on a regular basis.