Privileged Account Management Practices Leave Businesses at Risk
The Dell survey found more than three-quarters (76 percent) of tech professionals believe better control of privileged accounts would reduce the likelihood of a breach.Organizations have haphazard processes for managing administrative or other privileged network accounts, making businesses vulnerable to security breaches, a Dell survey of more than 560 IT technology professionals. The survey found that 76 percent believe that better control of privileged accounts would reduce the likelihood of a breach. Nearly 80 percent of respondents have a defined process for managing privileged accounts, but are not diligent about following it, and almost 30 percent say they still use manual processes, such as Excel or other spreadsheets, to manage privileged accounts. "The first step to better controlling privileged accounts is to understand the full scope of what accounts currently exist and who has access to them," Jackson Shaw, senior director of product management for Dell Security, told eWEEK. "The next step is to implement a secure and automated solution that provides access to and changes the passwords of those accounts in a way that ensures individual accountability, as well as the ability to provide reports for security and compliance. Finally, limit the number of privileged accounts that are required through technologies like Active Directory Bridge, and be sure to take a least privileged access approach when providing access to privileged accounts."
Shaw noted there were two survey findings that particularly stood out: The fact that 37 percent of IT security professionals stated that the default admin passwords for software and hardware were not changed on a consistent basis, and that only 29 percent change the administrative password for their mission critical systems and devices on a monthly basis.