BreachExchange mailing list archives

5 rules for effective privileged user account management


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Tue, 16 Feb 2016 09:19:42 -0600

http://business-reporter.co.uk/2016/02/15/5-ways-to-effectively-manage-privileged-user-accounts/

*The quarter of organisations set to review privileged activity by 2018 are
also set to cut data leakage by a third, according to a new report by the
cyber security experts at Gartner. Here are five ways to manage your
accounts effectively.*


*1. Inventory privileged accounts and assign ownership*
First, know what you have and make sure somebody’s looking after it. “Organisations should
start by using free autodiscovery tools offered by some PAM vendors to
enable automated discovery of unmanaged systems and accounts across the
range of infrastructure — but even those autodiscovery tools will not find
everything,” says Gartner research director Felix Gaehtgens.
------------------------------


*2. Make sure shared account passwords are not shared*
Organisations must
make sure that even approved users do not share their passwords, because
this reduces accountability and compromises the accounts system. According
to Gartner, this is a best practice and demanded by regulatory compliance.
It also makes it less likely that passwords will leak to others.
------------------------------


*3. Minimise the number of privileged accounts*
By cutting the number of
accounts with privileged access, an organisation can make its IT team’s job
easier and make it easier to keep an eye on those that remain. Gartner says
migrating to shared privileged accounts is recommended, although this
requires the right tools to manage the risk and control issues that arise
from their use.
------------------------------


*4. Establish processes and controls for managing shared account use*
As
with all elements of cyber security, users must be clear on their duties
and processes and the business must be able to detect who is doing what. By
implementing the right privileged account management tools, organisations
can create an audit trail that holds individuals to account and meets
regulatory compliance requirements.
------------------------------

*5. Use privilege elevation for users with non-privileged access*
Users
should have accounts with minimal rights for day-to-day work. “Never assign
superuser privileges to these accounts, because these might exacerbate
accidental actions or malware that can cause drastic consequences when used
in a privileged environment,” says Gaehtgens.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
