Previous PDF

swipe to navigate

What are the business problems related to privileged accounts?

It can be difficult to securely manage access to thousands of privileged accounts. Consequently, in many organizations, the passwords to privileged accounts are:

  • known to many people, possibly including former staff,
  • often the same on many systems,
  • rarely if ever changed and
  • stored in plaintext, by people and by applications.

There are serious consequences to these password management practices, including:

  • There is no accountability for use of shared, privileged accounts. This is both a security / regulatory compliance problem and a problem with diagnosing operational problems.
  • Former staff may retain sensitive access.
  • Attackers have an easier time compromising these dangerous accounts.
  • If one system is compromised (e.g., an IT user's PC or an application server), the attacker can leverage passwords stored or typed on that system to compromise additional systems.

How does a privileged access management system work?

There are several technological approaches to more securely managing privileged passwords:




Eliminate shared passwords entirely and assign personal administrator-level accounts to each IT user, on each asset.

Individual accountability for configuration changes.

Too many administrator-level accounts on each system.

Create and delete personal administrator-level accounts for users on demand.

Individual accountability for configuration changes.

Complex integration between many systems and the corporate directory.

Modify operating systems and applications to check whether users are allowed to perform privileged actions, in real time. Manage access control policies centrally.

Fine-grained control over user access.

Too many administrator-level accounts on each system plus complex change control on each system.

Use software installed on each device to periodically change local passwords. Send a copy of these passwords to a secure vault, shared by many systems.

Works even in complex, segmented networks.

Requires software on each managed system.

Software on a central system periodically pushes new passwords to each device and keeps copies in a secure vault.

Minimal footprint on managed systems.

Requires connectivity from a central application to managed systems.

By far the most common approach to securing privileged accounts is to randomize their passwords regularly. Normally this process is initiated by a central server, to eliminate the need for change control on each managed system.

How often should passwords on privileged accounts be changed?

A good rule of thumb is daily. With a daily password change, if a system administrator quits, he would only have access to a few accounts (on systems where he did work on his last day) and all that access would automatically expire within 24 hours.

Longer password change intervals introduce the possibility of access retention for more time, creating a longer window of vulnerability.

Shorter password change intervals may interfere with work. For example, an administrator may need to sign into a system for several hours to make a complex change, and an hourly password change might interfere with this work.

Previous Next PDF