4 steps to reduce the risk of shared account passwords
How do you reduce the risk of a security breach when sharing privileged accounts?
Partners, employees, contractors, customers, and others access or try to access your most valuable company assets on a daily basis. But each individual or group represents a high risk if their privileges are not managed properly. Time and time again we see an employee or a contractor fall victim to a phishing attack, and the compromised credentials are then used to move laterally through your environment.
This can be especially damaging if the account that has been compromised is a shared account:
- Shared accounts are commonly used on more than one application or resource. Think of the admin account for your servers or networking devices. Most likely a lot of resources use the same credentials.
- Sharing makes it that much harder to pinpoint who has been compromised.
- In most cases, a lot of systems need to be touched to “fix” the problem.
Reduce Your Risk with Shared Account Password Management
As you are exploring the right tools to reduce the risk with shared accounts and privilege management, think about the following:
- To control costs, plan ahead for evolving requirements. Look for tools that solve more than just that “one” problem you are trying to solve, because an account that is shared with others is most likely also an account with “too much” privilege.
- Make sure that high-value features like multi-factor authentication (MFA), high availability (HA), privileged account management (PAM), and role-based access controls (RBAC) are part of the solution.
- Look for solutions that support session monitoring. This way, there is accountability and visibility for privileged activity.
- Do not forget about your nonhuman services and application accounts. Nonhuman accounts are major sources of operational and security risk. Companies need a tool that allows them to eliminate hard-coded, plain text account passwords from scripts and applications.
Delinea Infrastructure Services gives partners, contractors and employees access to shared account passwords, while maintaining control over who has access, which accounts' passwords they have access to, and how those passwords are managed. Enterprises can secure and manage super-user, service, and application accounts on servers and network devices, both on-premises and in the cloud.
Authorized users can access resources using shared accounts without knowing the passwords; Delinea will not expose the passwords and will deny any unauthorized access. For emergency access, authorized users can check out passwords for shared accounts, including service, application and database accounts, for a limited duration. Delinea Infrastructure Services can take full control of passwords and automatically change the password once the checkout expires.
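The checkout flow described above, modelled as an added example (it is not Delinea's code or API): a time-limited lease on a shared account password that is rotated when the lease ends, with an audit trail that ties each use to one person. The class name, the single-holder rule, the 900-second cap and the audit event names are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SharedAccountVault:
    """In-memory model of one shared account (hypothetical, not a vendor API)."""
    account: str
    authorized: set
    max_lease: int = 900                       # seconds; assumed policy value
    holder: Optional[str] = None               # who currently has the password
    expires_at: float = 0.0
    audit: list = field(default_factory=list)  # (time, user, event) tuples
    _password: str = field(default_factory=lambda: secrets.token_urlsafe(24))

    def _rotate(self, now, reason):
        # A new random secret invalidates whatever the last holder saw.
        self._password = secrets.token_urlsafe(24)
        self.audit.append((now, self.holder, reason))
        self.holder = None

    def tick(self, now):
        """Rotate the password if the current lease has run out."""
        if self.holder is not None and now >= self.expires_at:
            self._rotate(now, "expired-rotated")

    def checkout(self, user, now, seconds):
        self.tick(now)
        if user not in self.authorized:
            self.audit.append((now, user, "denied"))
            raise PermissionError(f"{user} may not check out {self.account}")
        if self.holder is not None:
            # One holder at a time keeps every use attributable to a person.
            self.audit.append((now, user, "busy"))
            raise RuntimeError(f"{self.account} is checked out by {self.holder}")
        self.holder = user
        self.expires_at = now + min(seconds, self.max_lease)
        self.audit.append((now, user, "checkout"))
        return self._password

    def checkin(self, user, now):
        if self.holder == user:
            self._rotate(now, "checkin-rotated")

    def is_current(self, password, now):
        """What the managed system would accept at time `now`."""
        self.tick(now)
        return secrets.compare_digest(password, self._password)
```

Times are passed in as plain numbers so the lease logic can be exercised without waiting; a password copied during a checkout stops working the moment the lease expires or is returned.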