Organizations have haphazard processes for managing administrative or other privileged network accounts, making businesses vulnerable to security breaches, a Dell survey of more than 560 IT technology professionals.
The survey found that 76 percent believe that better control of privileged accounts would reduce the likelihood of a breach.
Nearly 80 percent of respondents have a defined process for managing privileged accounts, but are not diligent about following it, and almost 30 percent say they still use manual processes, such as Excel or other spreadsheets, to manage privileged accounts.
“The first step to better controlling privileged accounts is to understand the full scope of what accounts currently exist and who has access to them,” Jackson Shaw, senior director of product management for Dell Security, told eWEEK. “The next step is to implement a secure and automated solution that provides access to and changes the passwords of those accounts in a way that ensures individual accountability, as well as the ability to provide reports for security and compliance. Finally, limit the number of privileged accounts that are required through technologies like Active Directory Bridge, and be sure to take a least privileged access approach when providing access to privileged accounts.”
Shaw noted there were two survey findings that particularly stood out: The fact that 37 percent of IT security professionals stated that the default admin passwords for software and hardware were not changed on a consistent basis, and that only 29 percent change the administrative password for their mission critical systems and devices on a monthly basis.
Although more than 75 percent say they have a defined process for changing the default admin password on hardware and software as new resources are brought into the organization, only 26 percent said they change admin passwords monthly on mission critical systems and devices.
Survey respondents identified delegation (the ability to implement a least-privileged model of admin activity, in which admins are given only sufficient rights to do their job) and password vaulting (the ability to automate storage, issuance and changing of administrative credentials) as the administrative or privileged account management practices most critical to their organizations.
However, less than half said they have a regular process for recording, logging or monitoring administrative or other privileged access.
“With the growth of the Internet of things and the ever-changing threat landscape, ensuring the security of an organization is only getting more difficult with security breach prevention becoming one of the greatest areas of concerns facing organizations,” Shaw said. “It is important that organizations start taking an end-to-end approach to security, as only focusing on protecting the perimeter is ineffective once a hacker is already inside.”