Privileged identities are a key vulnerability in most businesses as they provide unfettered access to the most sensitive infrastructural assets, but are often the least well managed. These privileged identities hold super-user permissions to access files, run programs and change server and access settings without additional oversight.
There are many reasons for ignoring the management of privileged identities in business today including the failure to change default and initial login credentials for new hardware and software, to overlapping functions and responsibilities as a result of cost cutting. And then there’s the infamous failure to update someone’s access when they change jobs or to remove it completely when they leave. Arguably, the most unforgivable privileged identity sin is allowing weak access controls that are easily broken by social engineering.
Uncontrolled privileged access can pose serious risks of unwanted data access and loss, as well as disruptions in services. There is, however, a proven four-step process to ensuring the organisation’s privileged identities remain secure and well managed.
1. Identify: Identify and document all critical IT assets, their privileged accounts and interdependencies. This process can be done manually, with the associated risks, or by automated privileged identity management software. The automated approach reduces the risks and costs, while optimising the efficiency of the data collection process without human errors creeping in.
2. Delegate: Once a comprehensive list of assets and dependencies exists, a process needs to be followed to securely and efficiently assign time-managed access privileges to the relevant authorised personnel. Automating this step reduces risk and delivers privileged credentials over a secure communications channel without exposing passwords or falling prey to human error.
3. Enforce: Companies must enforce rules for password complexity, diversity and change frequency, synchronising changes across all dependencies to prevent service disruptions. Once again, automating this process is recommended to force the appropriate changes at the appropriate times.
4. Audit: The final step in ensuring securing privileged identities is ensuring that all security access or change requests, their purpose and durations are documented, and that management is made aware of unusual events. This documentation must be audited regularly to pick up anomalies. Automated privileged identity management software again provides powerful protection and features that give management better control and accountability over systems and processes.
Effective identity and access management (IAM) across the board is a crucial area business today needs to focus on. As part of this process, companies also need to pay special attention to privileged identity management processes to ensure they strictly manage access to the most sensitive areas of their infrastructure.
For more information contact Alan Rehbock, Magix Security, +27 (0)11 258 4442, [email protected]
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version