Protecting Privileged Accounts

Manisha Rai, IAM Consultant, SecureITsource, Inc.

2017 has been yet another year beset by massive data breaches! It is more than likely that you have not only heard about them but have also been affected by them. A report by USA Today ranks the top breaches by the estimated number of affected users: Verizon (14 million), Equifax (143 million), Yahoo (1 billion), Blue Cross Blue Shield/Anthem (80 million), and many more that happened this year alone! Lesson learned? Companies need a comprehensive data security strategy to ensure that their most valuable data is secured. Many of these breaches are a direct result of compromised privileged accounts. Privileged accounts exist in every environment and can offer an attacker access to endpoints, which can lead to control of the network. Cyber-attackers continuously target these privileged accounts, stealing and exploiting them to carry out their illicit plans.

It is important to understand the definition of a privileged account. Privileged accounts typically hold the highest level of permission and can perform privileged tasks, such as administration, configuration, and the execution of programs on the system. There are different kinds of privileged accounts: accounts that provide administrative access to local systems, domain administrator accounts that allow administrative access to all systems within a domain, service accounts, application accounts, and root accounts on Unix servers, to name a few. These accounts exist in large numbers and are hard to manage manually. Once they end up in the wrong hands, they can be exploited to gain anonymous access to the network, giving the attacker full access to the keys to your kingdom.

Many organizations are not aware of how many privileged accounts exist in their environment, who has access to them, what activities are being performed with them, or how often their passwords are changed. Privileged accounts lack accountability because they do not belong to a single user and are shared by many people. These challenges make it hard to track and manage privileged accounts effectively.

There are security measures that can help organizations protect privileged accounts. Best practices include identifying and reducing the number of privileged accounts, changing passwords on a regular basis, recording user activity, and enforcing least privilege on target systems. Users should be given only as much power as they require to do their job, and application owners should have the power to revoke an employee's access if required.
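The inventory questions and best practices above can be checked mechanically once privileged accounts are listed in one place. The following Python is an added example, not part of the original article: the account records are constructed, and the 90-day rotation and 180-day idle thresholds are assumed policy values.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

MAX_PASSWORD_AGE_DAYS = 90   # assumed rotation policy, not from the article
MAX_IDLE_DAYS = 180          # assumed cutoff for "probably no longer needed"

@dataclass
class Account:
    name: str
    kind: str                  # local_admin, domain_admin, service, application, root
    holders: List[str]         # people who know or can retrieve the credential
    password_changed: date
    last_used: Optional[date]  # None = no recorded use

# Constructed sample inventory (hypothetical names and dates).
INVENTORY = [
    Account("WEB01\\Administrator", "local_admin", ["alice"], date(2017, 10, 15), date(2017, 11, 28)),
    Account("CORP\\da-shared", "domain_admin", ["alice", "bob", "carol"], date(2016, 3, 1), date(2017, 11, 30)),
    Account("svc-backup", "service", [], date(2015, 6, 10), date(2017, 11, 30)),
    Account("db02:root", "root", ["dave"], date(2017, 11, 1), None),
]

def audit(accounts, today):
    """Return {account name: [issues]} for accounts that break a practice."""
    findings = {}
    for acct in accounts:
        issues = []
        if not acct.holders:
            issues.append("no-owner")          # nobody accountable
        elif len(acct.holders) > 1:
            issues.append("shared")            # no individual accountability
        if (today - acct.password_changed).days > MAX_PASSWORD_AGE_DAYS:
            issues.append("stale-password")    # rotation overdue
        if acct.last_used is None or (today - acct.last_used).days > MAX_IDLE_DAYS:
            issues.append("unused")            # candidate for removal
        if issues:
            findings[acct.name] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(INVENTORY, date(2017, 12, 1)).items():
        print(f"{name}: {', '.join(issues)}")
```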

Privileged access management (PAM) solutions provide a secure, streamlined way to authorize and monitor all privileged users in an organization. They can detect privileged accounts in an organization, secure and rotate passwords, and detect unauthorized access to these accounts. A comprehensive solution can remove the anonymity of shared accounts and provide individual accountability. Finally, a comprehensive PAM solution establishes an audit trail for all privileged account access within an organization.

There are plenty of PAM solutions available in the market that can protect privileged accounts. As the number of cyber-attacks and data breaches increases, organizations should think about implementing these solutions to protect their most valuable assets.