Without employing best practices for privileged access management, privileged accounts can prove difficult to manage. Privileged Data User accounts are sometimes not monitored or secured like privileged accounts, and the security is focused on the application where the data is stored, but not always. So many privileged accounts become bloated due to temporary permissions never being revoked after the project’s end. Behavioral analytics focuses on key data points to establish individual user baselines, including user activity, password access, similar user behavior, and time of access to identify and alert on unusual or abnormal activity. The other approach for Privileged User/Account management is Shared Account Password space (Gartner calls it Shared Account Password Management or SAPM).These "vaults" are typically appliances with a secure storage and a web front-end; they provide also additional capabilities like request handling and approvals, privilege session brokering, recording of the sessions as well. Shared accounts, especially privileged accounts, need to have an account owner assigned to them. Organizations must perform a Data Risk Assessment to detect privileged data and secure ALL standard accounts that have access to sensitive data. Shared and privileged accounts can pose a security risk to enterprises if the proper controls and procedures are not in place. Practice Discovery of Privileged Accounts In the “2018 Global State of Privileged Access Management (PAM) Risk & Compliance” report, Thycotic discovered serious issues. Keeping track of privileged user and shared access accounts is also important for accountability. Privileged accounts might, for example, be able to install or remove software, upgrade the operating system, or modify system or application configurations. Don’t let that happen in your IT environment. They are often heterogeneous and distributed throughout the enterprise network. Additionally, Gartner found that 65% of enterprises allow for the unrestricted, unmonitored, and shared use of privileged accounts. Ensuring visibility into the access and activity of your privileged accounts in real time will help spot suspected account compromise and potential user abuse. Privileged Account. They might also have access to files that are not normally accessible to standard users. A privileged account is a user account that has more privileges than ordinary users. Failing to manage shared passwords adequately can expose organizations to serious vulnerabilities, particularly in the case of privileged accounts where a disgruntled employee could potentially have the power to hold an entire network hostage.
2020 shared accounts for privileged users