Establishing controls for privileged access continues to be a focus of attention for organisations and auditors. Gartner says that by 2018, 25% of organisations will review privileged activity and reduce data leakage incidents by 33%.
“Only less than 5% of organisations were tracking and reviewing privileged activity in 2015,” says Felix Gaehtgens, research director at Gartner. “The remainder is, at best, controlling access and logging when, where and by whom privileged access takes place — but not what is actually done. Unless organisations track and review privileged activity, they risk being blindsided by insider threats, malicious users or errors that cause significant outages.”
Prevention of both breaches and insider attacks has become a major driver for the adoption of privileged access management (PAM) solutions, in addition to compliance and operational efficiency. PAM is a set of technologies designed to help organizations address the inherent problems related to privileged accounts.
“IT organisations are under increasing business and regulatory pressure to control access to these accounts, which can be administrative accounts, system accounts or operations accounts,” says Gaehtgens.
Gartner recommends that IT operations and security leaders use some best-practice approaches for effective and risk-aware privileged access management.
Inventory all the accounts with privileged access and assign ownership
All privileged accounts in your IT environment that enjoy permission levels beyond those of a standard user should be accounted for. It is a security best practice to frequently scan your infrastructure to discover any new accounts introduced with excess privileges. “This becomes even more important for dynamic environments that change rapidly, such as those using virtualization on a large scale, or hybrid IT environments that include cloud infrastructure,” says Gaehtgens. “Organisations should start by using free autodiscovery tools offered by some PAM vendors to enable automated discovery of unmanaged systems and accounts across the range of infrastructure — but even those autodiscovery tools will not find everything.”
Shared-account passwords must not be shared
The golden rule is that shared-account passwords must not themselves be shared. Sharing passwords, even among approved users, severely erodes personal accountability; this is a security best practice and demanded by regulatory compliance. It also makes it less likely that passwords will leak to others.
Minimise the number of personal and shared privileged accounts
Eliminate, or at least drastically reduce, the number of users with (permanent, full) superuser privileges to the minimum that is consistent with operational and business needs. Migrating to shared privileged accounts is a recommended practice; however, this requires appropriate tools — managing the risks and control issues that arise from the use of such accounts is inefficient and complicated without a shared account password management tool.
Establish processes and controls for managing the use of shared accounts
Establish processes and controls for managing shared accounts and their passwords. While it is possible to use manual processes to manage privileged access, it is too cumbersome and virtually impossible to enforce such practices without specialised PAM tools.
IT operations and security leaders need to implement PAM tools to automate processes, enforce controls and provide an audit trail for individual accountability. These tools are mature, and provide efficient and effective password management for shared superuser (and other) accounts in a robust, controlled and accountable manner, enabling any organization to meet regulatory compliance requirements for restricted access and individual accountability.
Use privilege elevation for users with regular (non-privileged) access
Administrators will typically have personal, non-privileged accounts that they use for their day-to-day work, such as reading email, browsing the Web, accessing corporate applications, creating and reviewing information, and so on. “Never assign superuser privileges to these accounts, because these might exacerbate accidental actions or malware that can cause drastic consequences when used in a privileged environment,” says Gaehtgens. “Instead, use privilege elevation to allow temporary execution of privileged commands.”