- Less than 5% of organisations were tracking and reviewing privileged activity in 2015
- By 2018, 25% will review privileged activity and reduce data leakage incidents by 33%
ESTABLISHING controls for privileged access continues to be a focus of attention for organisations and auditors, according to Gartner Inc.
In a statement, the research and analyst firm said that by 2018, 25% of organisations will review privileged activity and reduce data leakage incidents by 33%.
“Less than 5% of organisations were tracking and reviewing privileged activity in 2015,” said Gartner research director Felix Gaehtgens.
“The remainder is, at best, controlling access and logging when, where and by whom privileged access takes place – but not what is actually done.
“Unless organisations track and review privileged activity, they risk being blindsided by insider threats, malicious users or errors that cause significant outages,” he added.
READ ALSO: C-suite still largely clueless about cybersecurity: IBM study
Prevention of both breaches and insider attacks has become a major driver for the adoption of privileged access management (PAM) solutions, in addition to compliance and operational efficiency, Gartner said in its statement.
PAM is a set of technologies designed to help organisations address the inherent problems related to privileged accounts.
“IT organisations are under increasing business and regulatory pressure to control access to these accounts, which can be administrative accounts, system accounts, or operations accounts,” Gaehtgens said.
Gartner recommends that IT operations and security leaders use some best-practice approaches for effective and risk-aware privileged access management:
Inventory accounts, assign ownership
All privileged accounts in your IT environment that enjoy permission levels beyond those of a standard user should be accounted for.
It is a security best practice to frequently scan your infrastructure to discover any new accounts introduced with excess privileges, Gartner said.
“This becomes even more important for dynamic environments that change rapidly, such as those using virtualisation on a large scale, or hybrid IT environments that include cloud infrastructure,” said Gaehtgens.
“Organisations should start by using free autodiscovery tools offered by some PAM vendors to enable automated discovery of unmanaged systems and accounts across the range of infrastructure – but even those autodiscovery tools will not find everything,” he added.
The golden rule is that shared-account passwords must not themselves be shared, Gartner said.
Sharing passwords, even among approved users, severely erodes personal accountability; this is a security best practice and demanded by regulatory compliance.
It also makes it less likely that passwords will be leaked to others.
Minimise, minimise, minimise
Eliminate, or at least drastically reduce, the number of users with (permanent, full) superuser privileges to the minimum that is consistent with operational and business needs.
Migrating to shared privileged accounts is a recommended practice. However, this requires appropriate tools – managing the risks and control issues that arise from the use of such accounts is inefficient and complicated without a shared account password management tool, Gartner argued.
Establish processes and controls
Establish processes and controls for managing shared accounts and their passwords. While it is possible to use manual processes to manage privileged access, it is too cumbersome and virtually impossible to enforce such practices without specialised PAM tools.
IT operations and security leaders need to implement PAM tools to automate processes, enforce controls and provide an audit trail for individual accountability, Gartner advised.
These tools are mature, and provide efficient and effective password management for shared superuser (and other) accounts in a robust, controlled and accountable manner, enabling any organisation to meet regulatory compliance requirements for restricted access and individual accountability, the company said.
Use privilege elevation
Administrators will typically have personal, non-privileged accounts that they use for their day-to-day work, such as reading email, browsing the Web, accessing corporate applications, creating and reviewing information, and so on.
“Never assign superuser privileges to these accounts, because these might exacerbate accidental actions or malware that can cause drastic consequences when used in a privileged environment,” said Gaehtgens.
“Instead, use privilege elevation to allow temporary execution of privileged commands,” he added.
Privileged accounts and insider threats
The rise of the superuser, and managing shadow IT
Privileged accounts the 'signature' in advanced targeted attacks: CyberArk
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.