Privileged Password Management - Pitfalls to consider

Maintaining a complex, frequently updated password process is a basic security best practice for protecting privileged accounts in your organization. But if passwords are such a no-brainer, why do statistics show that two out of three data breaches tie back to poor password management?

Privileged password management tools provide an essential service for keeping mission-critical data, servers and assets safe and secure. However, there are several pitfalls to look out for when deploying a privileged password management solution.

  1. Dynamic account discovery and asset profiling: Your IT environment is in a constant state of flux, with assets and accounts being added and updated virtually every day. It’s critical to quickly bring systems and accounts under management – and then keep tabs on them as they evolve. Syncing with Active Directory is fine for identifying accounts on company-sanctioned Windows systems, but few networks are so homogeneous and “tidy.” Rogue devices, backdoors and standalone systems outside of AD can pose huge threats. Therefore, it makes good sense to be able to constantly scan your environment for new assets and accounts – both authorised and unauthorised – across all platforms.

  2. Straightforward deployment: Bringing a new technology solution on board for better privileged password management should be straightforward. Tinkering with an assortment of disparate modules or tools negates the benefit of “tightening up”. The components of an integrated solution should include a safe or vault, a policy manager, good web access technology, and password synchronisation management delivered in a hardened appliance (physical or virtual) format with a centralised configuration and management console. High availability options are also a must.

  3. Session management that’s simple and secure: If you’re managing password delegation and access to privileged accounts, it makes sense to facilitate, segregate and monitor privileged sessions. Most password management vendors require additional software agents or JavaScript for session management – and often charge extra for it. Instead of putting your sensitive information at risk, consider working with a solution that includes built-in, agentless session management that works securely with native applications such as PuTTY and Microsoft Terminal Services Client (MSTSC). To keep things protected, you should not pass credentials to the client, but rather use one-time keys for RDP and SSH connections.

  4. Dynamic permissions: Privileged password management solutions were, in essence, created to overcome human error, so why depend on a solution that always requires manual intervention? Errors and administration overheads can be reduced with automation around rules and policies that remove user action from the equation and streamline security initiatives: for example, automatically detecting new accounts or systems, sending alerts for risky or “stale” accounts, and automatically delegating privileges based on a discovered asset’s OS, services, applications and other profile information. For instance, if your solution discovers a SQL Server, can it automatically make it available to DBAs and kick off a notification to IT operations?

  5. Unmatched reporting and analytics: Comprehensive reporting and analytics are crucial not only for audit and compliance purposes, but also for maintaining visibility into the status of privileged accounts, assets and passwords on a day-to-day basis – and pinpointing where further action is needed. Reports should be scoped with role-based access, scheduled for automatic delivery, and customisable. Long-term, historical reporting on all asset and account data should be available as standard.

  6. Video session monitoring: In the event of a breach, there is nothing worse than struggling to find the underlying causes of the breach or how to fix it. We recommend that you ensure you have the ability to go beyond surface-level monitoring with DVR-style videos of all privileged sessions. Immediate playback in native formats eliminates the guessing game, enforces accountability, and assists in compliance validation. Monitoring capabilities in many solutions show only a limited view of privileged sessions, leaving gaps in activity, and sometimes use non-native formats that eat up bandwidth and storage.

BeyondTrust bring all privilege and password management initiatives under a single integrated console to help you eliminate the risk of open back doors and gain greater visibility into user and asset-based risks. Their PowerBroker Password Safe technology seamlessly integrates with their other popular least-privilege, privilege management, and vulnerability management solutions through a single console.

To discuss how PowerBroker Password Safe can help your organisation, contact Sameer.Shaikh@mpa.co.nz.

Click here to check out Frost and Sullivan’s recent review and the Gartner Market Guide for Privileged Account Management.

Sameer Shaikh - Consultant

Sameer has over 7 years of experience in sales and customer service roles in the financial, wholesale trade and retail sector in India, UAE, United Kingdom and New Zealand.

At MPA, Sameer is applying his expertise in customer management and business development to maintain existing business relationships as well as develop new business opportunities.

He also shares responsibility in the sales and purchase order entry and logistics areas.

Sameer has a Bachelor of Science degree.

