Rein in Privileged Users to Reduce Information Security Risks

“With great power comes great responsibility.”

That isn’t just a comic book saying; that’s reality. Ensuring that those who have great power use it responsibly can’t be left to chance; that’s also reality. That’s why having a process to monitor and control privileged account usage is a critical piece of ensuring your information security.

Privileged Account Powers

Privileged accounts are the ones with the power of creation and destruction. They’re the administrator accounts that create other accounts and grant powers to other users. They’re the accounts that turn systems on and shut systems down. They’re the accounts that define configurations that control how systems behave. They’re the superuser accounts that can read all data and make any changes. They’re completely necessary, and at the same time, completely dangerous.

Risks of Privileged Accounts

The big risk of privileged accounts is that if they’re compromised—if their credentials are compromised or an employee acts improperly—they can create big damage. Access to all data means all data can be tampered with or stolen. Access to configurations and controls means systems can be altered to behave in unapproved, ineffective, or dangerous ways. Because these accounts are so powerful, they’re tempting targets for hackers. Often, these accounts are ridiculously easy to break, because systems have built-in admin accounts needed to install and configure them for use, and the default settings aren’t changed.

Managing Privileged Account Risk

The first step to managing privileged account risk is to limit privileged account usage. You need to determine where the balance lies between empowering employees and protecting your business. Giving every employee admin access on their PC or to a critical business application may help some tasks get done more quickly, but it also increases risk. Because many companies don’t know where all their privileged accounts are, an audit is often necessary to identify them so they can be managed.

Once you know where the privileged accounts are, you can take steps to control them. This likely means removing privileges from some user accounts. Users should have the minimum set of privileges necessary to perform their job functions. Using role-based access controls can help ensure that only appropriate privileges are granted.

Ultimately, though, some users need privileges. They should each have their own accounts, and passwords should be randomized and changed frequently; passwords that don’t change are vulnerable to attack. Use multifactor authentication to enhance the security of these accounts. Users should access their privileged accounts only when needed to perform a privileged function; actions taken by the privileged accounts should be logged and reviewed.

The reviews don’t need to be manual; there are threat analytics programs that can first identify normal patterns of access and then identify any deviations that may indicate improper use. Should improper use be detected, you need an incident response process that shuts down the account and minimizes damage.

Tools for Managing Privileged Accounts

Tools can help you implement the necessary management and monitoring of privileged accounts. Credentials can be kept in a “vault,” with users required to request access through a workflow. This prevents these accounts from being shared and used without authorization. Delegation allows users to be granted a subset of admin functions. Session monitoring creates a record of user activity within the privileged account.

All user accounts need to be securely managed. CCS Technology Group helps businesses develop and implement comprehensive data security solutions to secure data, networks, applications, systems, and accounts. Contact us to learn more about implementing information security that protects your business.