The Perils of Poor Privileged Account Management

 
 
By Karen A. Frenkel  |  Posted 12-02-2015 Email
 
 
 
 
 
 
 
 
 
  • Previous
    The Perils of Poor Privileged Account Management
    Next

    The Perils of Poor Privileged Account Management

    Privileged accounts are the keys to the kingdom, yet the majority of IT pros admit lax account management practices open up their company to serious security risks.
  • Previous
    Privileged Account Management Challenges
    Next

    Privileged Account Management Challenges

    The top three challenges respondents face managing administrative or other privilege passwords: Default admin passwords on hardware and software not consistently changed: 37%, Multiple administrators share a common set of credentials: 37%, Can't consistently identify individuals responsible for administrator activities: 31%
  • Previous
    Better Control Would Reduce Risk
    Next

    Better Control Would Reduce Risk

    Asked whether better control of administrative or other privileged accounts would reduce the likelihood of a security breach, 76% of respondents said yes and 24% said no.
  • Previous
    Most Have Process for Managing Privileged Accounts
    Next

    Most Have Process for Managing Privileged Accounts

    77% of respondents said their companies have a defined process for managing administrative or other privileged accounts. 23% said their companies have no such process.
  • Previous
    The Majority Use Software to Manage Privileged Accounts
    Next

    The Majority Use Software to Manage Privileged Accounts

    The three types of software respondents use are: Password vault: 41%, Internally developed tools or scripts: 39%, Change management software: 31%
  • Previous
    Delegation Is Critical to Privileged Account Management
    Next

    Delegation Is Critical to Privileged Account Management

    Asked which management practices are most critical to their organization, respondents chose delegation (implementing a least-privilege model by which administrators are only given sufficient rights to do their job) and password vaulting (automated storage, issuance and changing administrative credentials).
  • Previous
    Less Than Half Log Privileged Access
    Next

    Less Than Half Log Privileged Access

    49% of respondents record, log or monitor some but not all administrative or other privileged access, 42% do so for all access, and 9% do not do any of these.
  • Previous
    Most Have Process for Changing Passwords
    Next

    Most Have Process for Changing Passwords

    Asked whether their company has a defined process for changing the default admin password on hardware and software when new resources are brought in, 72% said yes and 28% said no.
  • Previous
    Few Change Passwords Monthly
    Next

    Few Change Passwords Monthly

    Only 26% of respondents said administrative or other privileged passwords on mission-critical systems are changed monthly.
  • Previous
    Best Practices
    Next

    Best Practices

    Dell offers the following best practices for securing privileged accounts and alleviating risk to business: Take inventory of privileged accounts, including users and the systems that use them. Ensure that privileged passwords are stored securely, enforce strict requirements for access and change management processes for privileged passwords. Ensure individual accountability and least-privileged access. Log and/or monitor all privileged access. Audit use of privileged access regularly.
 

Disorganized privileged account management practices expose businesses to serious security risk, a new study revealed. Although 80 percent of respondents have a defined process for managing privileged accounts, they aren’t diligent in following it. The survey, "Privileged Account Management: a Survey of IT Professionals," was conducted by Dimensional Research on behalf of Dell. Privileged accounts are the keys to the kingdom, which is why hackers seek them out, said John Milburn, executive director and general manager, Identity and Access Management at Dell Security. "To alleviate this risk and ensure these accounts are controlled and secured, it's absolutely crucial for organizations to have a secure, auditable process to protect them. A good privileged account management strategy includes a password safe, as well as least-privileged control to protect organizational assets from breaches." The survey captured data from 450 IT security professionals in the United States, United Kingdom, Germany, Australia and New Zealand. They were split between the roles of IT manager or administrator and CIO, vice president or other IT executives. 41 percent work at companies with more than 5,000 employees, and 59 percent are from companies with 1,000 to 5,000 employees.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...