Network Computing is part of the Informa Tech Division of Informa PLC


How To Manage Privileged Accounts: Security Tips


Whether you're a company trying to comply with Payment Card Industry (PCI) requirements, an energy utility looking to get a handle on standards set forth by the North American Electrical Reliability Corporation (NERC), or a typical enterprise, separation of privileges and privileged account management can be a daunting task. The seemingly simple undertaking of inventorying privileged and shared accounts can be difficult in an environment with differing technologies. Nevertheless, identifying those accounts and then managing and auditing them is a critical need for many companies, though not one that can be met quickly or without proper planning.

Compliance requirements for privilege separation and for monitoring sensitive activities performed by privileged accounts give the phrase "Who watches the watchers?" new meaning. And with the general consensus among users that IT administrators have too much control, it is important to have checks and balances in place to prevent abuse.

When dealing with the issues surrounding privileged accounts, enterprises have to approach the work slowly and methodically to be sure that business and security needs are met, as well as compliance requirements. Jumping in too quickly just to check off a box for the auditor will cause numerous headaches. Problems can range from locked-out accounts and the failure of scripts that rely on embedded passwords, to delayed business processes and the resulting loss of revenue.

The first step is to inventory privileged accounts, their passwords, and how they are used. The last part is extremely important, as shared passwords, service accounts, embedded devices, legacy systems, and automated scripts all need to be considered. Email surveys and interviews with IT staff and users can be used to identify privileged and shared accounts. In an ideal world, the account provisioning process would include a specific naming convention that identifies these types of accounts, but even with such guidelines in place, things slip through the cracks.

Log monitoring and searching files (e.g., automated scripts) can help identify the accounts that humans don't typically use directly and that have likely been forgotten about. The logs can reveal accounts that are used at regular intervals, which indicates an automated process. Similarly, logins occurring late at night could be the result of automated backup processes.
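The log-based inventory step described above can be turned into a small script. The following is an added example, not code from the article: it parses constructed, syslog-style login lines (the format, the account names, the IP addresses and the thresholds are all assumptions made for the example), groups logins by account, and flags an account as likely automated when its logins arrive at nearly identical intervals or fall almost entirely in the overnight window, the two signals the paragraph names.

```python
"""Profile login events to spot accounts that behave like automated processes.

Added example for the inventory step; the log format, account names and
thresholds below are assumptions, not taken from the article.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (not real data): one login event per line.
SAMPLE_LOG = """\
2024-03-01T02:00:03 host1 sshd: Accepted publickey for backup_svc from 10.0.0.5
2024-03-02T02:00:01 host1 sshd: Accepted publickey for backup_svc from 10.0.0.5
2024-03-03T02:00:05 host1 sshd: Accepted publickey for backup_svc from 10.0.0.5
2024-03-04T02:00:02 host1 sshd: Accepted publickey for backup_svc from 10.0.0.5
2024-03-05T02:00:04 host1 sshd: Accepted publickey for backup_svc from 10.0.0.5
2024-03-01T09:12:44 host1 sshd: Accepted password for alice from 10.0.1.20
2024-03-01T14:47:10 host1 sshd: Accepted password for alice from 10.0.1.20
2024-03-03T10:05:31 host1 sshd: Accepted password for alice from 10.0.1.21
2024-03-04T16:30:00 host1 sshd: Accepted password for alice from 10.0.1.20
2024-03-01T00:00:00 host2 sshd: Accepted publickey for deploy_bot from 10.0.2.9
2024-03-01T06:00:00 host2 sshd: Accepted publickey for deploy_bot from 10.0.2.9
2024-03-01T12:00:00 host2 sshd: Accepted publickey for deploy_bot from 10.0.2.9
2024-03-01T18:00:00 host2 sshd: Accepted publickey for deploy_bot from 10.0.2.9
2024-03-02T00:00:00 host2 sshd: Accepted publickey for deploy_bot from 10.0.2.9
2024-03-02T11:15:09 host2 sshd: Accepted password for root from 10.0.1.20
"""

# Matches the constructed layout: "<iso-timestamp> <host> sshd: Accepted <method> for <user> from <ip>"
LINE_RE = re.compile(r"^(\S+) \S+ sshd: Accepted \S+ for (\S+) from (\S+)$")


def parse_log(text):
    """Return (account, timestamp) pairs for every line that matches LINE_RE."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m.group(2), datetime.fromisoformat(m.group(1))))
    return events


def profile_accounts(events, night_start=0, night_end=5, max_cv=0.1, min_logins=3):
    """Summarise login timing per account.

    An account is 'regular' when it has at least min_logins logins and the
    gaps between consecutive logins vary by no more than max_cv (coefficient
    of variation, stdev/mean).  night_fraction is the share of logins whose
    hour falls in [night_start, night_end).  Both thresholds are assumptions.
    """
    by_account = defaultdict(list)
    for account, ts in events:
        by_account[account].append(ts)

    profiles = {}
    for account, stamps in by_account.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        regular = False
        if len(stamps) >= min_logins:
            avg = mean(gaps)
            regular = avg > 0 and pstdev(gaps) / avg <= max_cv
        night = sum(1 for t in stamps if night_start <= t.hour < night_end) / len(stamps)
        profiles[account] = {
            "logins": len(stamps),
            "regular": regular,
            "night_fraction": round(night, 2),
            # Either signal is enough to put the account on the review list.
            "likely_automated": regular or night >= 0.8,
        }
    return profiles


def automated_candidates(profiles):
    """Sorted account names that should be checked for embedded credentials."""
    return sorted(name for name, p in profiles.items() if p["likely_automated"])


if __name__ == "__main__":
    profiles = profile_accounts(parse_log(SAMPLE_LOG))
    for name in sorted(profiles):
        print(name, profiles[name])
    print("review these accounts:", automated_candidates(profiles))
```

On the constructed sample, backup_svc is flagged on both signals (daily logins at about 02:00), deploy_bot on regularity alone (every six hours), while alice and root, with irregular daytime logins, are left off the list. The flagged names are a starting point for the interview and script-search work described above, not a verdict: a human who logs in from a cron-driven workstation can look regular too, so each candidate still needs to be confirmed with its owner.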

Read the rest of this article on Dark Reading.