Privileged Account Management Is Critical for Information Security
Your most powerful users are the most trusted. Their privileged accounts give them access to administrator functions that can change how your systems behave. When stolen, these accounts give intruders the ability to perform a wide range of malicious activities that go beyond simply stealing data to changing data, installing unauthorized code and malware, disabling accounts, disabling systems, and more. It’s critical to add privileged access management on top of identity and access management controls.
Investigate Your Privileged Account Processes
To start protecting your privileged accounts, ask yourself these questions:
Do you know where you have privileged accounts?
Privileged accounts are everywhere. There are privileged server login accounts, database accounts, application accounts, firewall accounts, and network device accounts. The first step to managing and protecting privileged accounts is simply identifying where they exist.
Do you have the right number of privileged accounts?
It’s common to have both too many and too few privileged accounts.
Too many, because users may be given more privileges than they need, often because it was simply easier to set them up that way. There may also be active accounts that should have been disabled when employees left.
Too few, because instead of creating a separate account for each privileged user, a single privileged ID (and its password) is often shared by all users who legitimately need that privileged functionality.
Fixing these problems requires procedural changes that ensure accounts are reviewed when they’re created and when employees change job functions or leave the business, as well as a cultural change to stop using shared accounts.
How are you assigning privileges?
If you assign privileges to employees individually, it becomes very hard to keep track of that access. Defining roles and assigning employees to roles allows you to match the capabilities of an employee’s account to the responsibilities of their job. You may also want to take advantage of the ability to restrict access to users in certain locations or at certain times of day. Limiting access to on-premises use during work hours greatly reduces the risk of a hacker using the account.
Are you monitoring privileged account usage?
Because privileged users have the ability to alter the behavior of systems, all privileged account usage should be monitored, all the time. This means keeping an audit trail showing when users log in to the account and the actions they take; it also means reviewing the logs in a timely fashion so unauthorized activities can be detected and corrected quickly.
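The work-hours and on-premises restrictions and the audit-trail review described above can be combined into one log check. This is an added example, not code from the original article; the account names, networks, work hours, log format and log lines are constructed assumptions.

```python
import csv
import io
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed policy values (hypothetical, adjust to your environment).
PRIVILEGED = {"root", "dba_admin", "fw_admin"}
ON_PREM = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
WORK_START, WORK_END = 8, 18          # 08:00-17:59 local time
WORK_DAYS = range(0, 5)               # Monday-Friday

# Constructed sample audit trail: time, account, source address, action.
SAMPLE_LOG = """\
2024-03-04T09:12:00,dba_admin,10.1.4.22,login
2024-03-04T09:15:31,dba_admin,10.1.4.22,alter_table
2024-03-04T23:47:10,root,10.1.9.5,login
2024-03-05T10:02:44,fw_admin,203.0.113.77,login
2024-03-05T11:30:00,jsmith,198.51.100.8,login
2024-03-09T14:00:00,root,10.1.9.5,disable_account
"""

def review(log_text):
    """Return (timestamp, account, action, reasons) for each privileged
    event that violates the time-of-day or location policy."""
    findings = []
    for ts, account, source, action in csv.reader(io.StringIO(log_text)):
        if account not in PRIVILEGED:
            continue                  # ordinary accounts are out of scope here
        when = datetime.fromisoformat(ts)
        reasons = []
        if when.weekday() not in WORK_DAYS or not WORK_START <= when.hour < WORK_END:
            reasons.append("outside work hours")
        if not any(ip_address(source) in net for net in ON_PREM):
            reasons.append("off-premises source")
        if reasons:
            findings.append((ts, account, action, reasons))
    return findings

if __name__ == "__main__":
    for ts, account, action, reasons in review(SAMPLE_LOG):
        print(f"{ts} {account} {action}: {', '.join(reasons)}")
```

Running a check like this on a schedule against the real audit trail is what turns the log into timely review rather than an archive.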
Technology to Protect Privileged Accounts
Many of the tools and processes you use to protect user accounts can also be used to protect privileged accounts. This includes setting and enforcing password policies, using two-factor authentication, and using password management tools to prevent users from writing down passwords.
You can also use other tools designed specifically to grant and track usage of privileged accounts. Access managers restrict access to privileged accounts, password vaults prevent users from directly accessing passwords, and session managers maintain an audit trail. For Microsoft users, leverage Privileged Access Management for Active Directory Domain Services to control privileged access.
Privileged access management is an important component of your information security strategy. Contact Prescient Solutions to learn how our comprehensive approach to cybersecurity can help you manage all your users, including those with privileged accounts.