Privileged Access Misuse: Four common mistakes firms make

  April 27, 2017 |  Critical Accounts, Authentication

Any modern enterprise's information systems setup is not static. It grows as the business expands. And as businesses go through a transition, with a rising number of workloads shifting to the cloud, administrative accounts (logon credentials with elevated permissions to access servers, critical databases, and applications) also multiply.
Organizations risk a data breach if privileged accounts are not secured against possible misuse, particularly when administrative accounts are operated by multiple users, including third-party service providers.

Here are four common mistakes that organizations make in safeguarding privileged accounts.

1. Failure to itemize critical accounts

It's one of the most common mistakes. Organizations are often completely oblivious to, or pay very little attention to, the number of privileged accounts that exist within their IT ecosystem. If firms fail to secure these identities, compromised corporate insiders or organized cyber criminals can easily exploit the security gaps to steal data by gaining unauthorized access to the system. An itemized list of privileged accounts helps to better organize a complex IT setup.

2. Ambiguity over who will administer privileged accounts

Just compiling a list of privileged accounts is not sufficient. Organizations should clearly define who will administer these accounts, including their roles and responsibilities. Again, authorizing someone with privileged access does not mean that a privileged user can access all the underlying components.

3. No clear outline on how to use privileged sessions

There is a complete absence of policy that defines when a privileged session may be undertaken (time-bound access), along with other common mistakes such as a lack of dual-control authorization and password rotation.

4. Absence of multi-factor authentication

In this age, where an organization's digital assets face persistent threats from malware, botnets, phishing, and possible privileged access misuse by compromised insiders, no amount of network security will ensure the safety of your highly sensitive information. Multi-factor authentication is a must. A privileged user should only be able to access IT systems after providing a randomly generated token or one-time password (OTP), in addition to privileged credentials.
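The controls named in points 3 and 4 (time-bound access, dual-control authorization, password rotation, and an OTP on top of the credentials) can be evaluated together before a privileged session opens. The Python below is an added example, not code from ARCON or its products; the `SessionRequest` record, the 30-day rotation limit, the reading of dual control as sign-off by someone other than the requester, and the choice of RFC 6238 TOTP as the OTP scheme are assumptions.

```python
import hashlib, hmac, struct
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_PASSWORD_AGE = timedelta(days=30)   # assumed rotation policy
STEP = 30                               # TOTP time step in seconds

def totp(secret: bytes, at: datetime, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at.timestamp()) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F             # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

@dataclass
class SessionRequest:                   # hypothetical record, not a product schema
    user: str
    approvers: tuple                    # who signed off on this session
    window_start: datetime              # approved time-bound access window
    window_end: datetime
    password_rotated: datetime          # last rotation of the privileged credential
    otp: str                            # code supplied by the user at logon

def deny_reasons(req: SessionRequest, secret: bytes, now: datetime) -> list:
    """Return every policy failure; an empty list means the session may start."""
    reasons = []
    if not (req.window_start <= now <= req.window_end):
        reasons.append("outside approved time window")
    # Dual control: at least one approver who is not the requester.
    if not set(req.approvers) - {req.user}:
        reasons.append("dual-control approval missing")
    if now - req.password_rotated > MAX_PASSWORD_AGE:
        reasons.append("credential overdue for rotation")
    # Accept the current and the previous step to tolerate small clock drift.
    valid = [totp(secret, now - timedelta(seconds=STEP * i)) for i in (0, 1)]
    supplied = req.otp.encode()
    if not any(hmac.compare_digest(supplied, v.encode()) for v in valid):
        reasons.append("one-time password invalid")
    return reasons
```

Collecting all failures instead of stopping at the first gives the audit log a complete record of why a session was refused.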

 


ARCON provides state-of-the-art technology aimed at mitigating information systems related risks. The company's Privileged Access Management (PAM) / Privileged Identity Management (PIM) solution enables blocking unauthorized access to 'privileged access', while its Secure Configuration Management solution helps to comply with Governance, Risks, and Compliance (GRC) requirements.
