1Best Practices for Managing Privileged Access in an Enterprise
A BeyondTrust study looks at what separates top-tier and bottom-tier organizations when it comes to privileged access management.
2Grant Privilege to the App, Not the User
Among the best practices that are widely embraced by top-tier organizations is to grant privilege to apps, rather than the user.
3It’s Important to Cycle Passwords
A good best practice in any organization is to have a process that cycles user passwords on a regular basis. According to BeyondTrust’s report, cycling passwords often or always is done by 76 percent of top-tier organizations.
4Monitoring Privileged Account Sessions Is Important
Keeping track of how privileged accounts are used is a monitoring activity that can help to limit risk. Seventy-one percent of top-tier and 49 percent of bottom-tier organizations in the BeyondTrust study do, in fact, monitor the sessions of privileged accounts.
5Managing Credentials Is Key
A core element of being able to effectively secure privileged accounts is to have a system for managing credentials. Top-tier organizations mostly indicated they are efficient at managing credentials, while those in the bottom tiers are somewhat less efficient.
6Enterprise Platforms Needed for Managing Privileged Access
The difference between what constitutes a top-tier and a bottom-tier organization in BeyondTrust’s study is exemplified in the use of an enterprise platform for managing privileged access. The majority (78 percent) of top-tier organizations have an enterprise solution, while 39 percent of bottom-tier organizations do not.
7Understanding Risk Requires Tools
Different applications and systems represent different levels of risk. Properly understanding what the risks with the use of a tool is a best practice for privileged access management. That said, only 57 percent of BeyondTrust’s top-tier respondent group in fact have a tool that provides risk assessment.