The Perils of Poor Privileged Account Management
Privileged accounts are the keys to the kingdom, yet the majority of IT pros admit lax account management practices open up their company to serious security risks.
The top three challenges respondents face managing administrative or other privileged passwords: default admin passwords on hardware and software not consistently changed (37%); multiple administrators share a common set of credentials (37%); can’t consistently identify individuals responsible for administrator activities (31%).
Asked whether better control of administrative or other privileged accounts would reduce the likelihood of a security breach, 76% of respondents said yes and 24% said no.
77% of respondents said their companies have a defined process for managing administrative or other privileged accounts. 23% said their companies have no such process.
The three types of software respondents use are: password vault (41%), internally developed tools or scripts (39%), and change management software (31%).
Asked which management practices are most critical to their organization, respondents chose delegation (implementing a least-privilege model by which administrators are given only sufficient rights to do their job) and password vaulting (automated storage, issuance and changing of administrative credentials).
49% of respondents record, log or monitor some but not all administrative or other privileged access, 42% do so for all access, and 9% do not do any of these.
Asked whether their company has a defined process for changing the default admin password on hardware and software when new resources are brought in, 72% said yes and 28% said no.
Only 26% of respondents said administrative or other privileged passwords on mission-critical systems are changed monthly.
Dell offers the following best practices for securing privileged accounts and alleviating risk to the business: Take inventory of privileged accounts, including users and the systems that use them. Ensure that privileged passwords are stored securely, and enforce strict requirements for access and change management processes for privileged passwords. Ensure individual accountability and least-privileged access. Log and/or monitor all privileged access. Audit use of privileged access regularly.