The Perils of Poor Privileged Account Management
Privileged accounts are the keys to the kingdom, yet the majority of IT pros admit lax account management practices open up their company to serious security risks.
Privileged Account Management Challenges
The top three challenges respondents face managing administrative or other privileged passwords: Default admin passwords on hardware and software not consistently changed: 37%, Multiple administrators share a common set of credentials: 37%, Can't consistently identify individuals responsible for administrator activities: 31%
Better Control Would Reduce Risk
Asked whether better control of administrative or other privileged accounts would reduce the likelihood of a security breach, 76% of respondents said yes and 24% said no.
Most Have Process for Managing Privileged Accounts
77% of respondents said their companies have a defined process for managing administrative or other privileged accounts. 23% said their companies have no such process.
The Majority Use Software to Manage Privileged Accounts
The three types of software respondents use are: Password vault: 41%, Internally developed tools or scripts: 39%, Change management software: 31%
Delegation Is Critical to Privileged Account Management
Asked which management practices are most critical to their organization, respondents chose delegation (implementing a least-privilege model by which administrators are only given sufficient rights to do their job) and password vaulting (automated storage, issuance and changing of administrative credentials).
Less Than Half Log Privileged Access
49% of respondents record, log or monitor some but not all administrative or other privileged access, 42% do so for all access, and 9% do not do any of these.
Most Have Process for Changing Passwords
Asked whether their company has a defined process for changing the default admin password on hardware and software when new resources are brought in, 72% said yes and 28% said no.
Few Change Passwords Monthly
Only 26% of respondents said administrative or other privileged passwords on mission-critical systems are changed monthly.
Best Practices
Dell offers the following best practices for securing privileged accounts and alleviating risk to the business: Take inventory of privileged accounts, including users and the systems that use them. Ensure that privileged passwords are stored securely, and enforce strict requirements for access and change management processes for privileged passwords. Ensure individual accountability and least-privileged access. Log and/or monitor all privileged access. Audit use of privileged access regularly.
Disorganized privileged account management practices expose businesses to serious security risk, a new study revealed. Although 80 percent of respondents have a defined process for managing privileged accounts, they aren’t diligent in following it. The survey, "Privileged Account Management: a Survey of IT Professionals," was conducted by Dimensional Research on behalf of Dell.
Privileged accounts are the keys to the kingdom, which is why hackers seek them out, said John Milburn, executive director and general manager, Identity and Access Management at Dell Security. "To alleviate this risk and ensure these accounts are controlled and secured, it's absolutely crucial for organizations to have a secure, auditable process to protect them. A good privileged account management strategy includes a password safe, as well as least-privileged control to protect organizational assets from breaches."
The survey captured data from 450 IT security professionals in the United States, United Kingdom, Germany, Australia and New Zealand. They were split between the roles of IT manager or administrator and CIO, vice president or other IT executives. 41 percent work at companies with more than 5,000 employees, and 59 percent are from companies with 1,000 to 5,000 employees.