Why do so many organizations still struggle with privileged access management? Password mismanagement, users with excessive privileges and out-of-date systems all contribute to privileged access management failure. I know of many companies that invest heavily in cyber-security, but simply ignore privileged access management. Doing this can allow insiders to become threats to data security. Privileged users not only have legitimate access to classified information, but also full control over their computers, which could allow them to steal data for personal gain.
In this article, I will go through six different reasons why privileged access management fails and how you can overcome these issues. I will also introduce LepideAuditor – an IT auditing solution that can help you with your privileged access management.
1. Out of date systems
Do all users in your organization keep their computers, operating systems and other software updated? Online users are vulnerable to many risks on the internet, and hackers are always looking to target them. You cannot afford to have security holes in your software. Most hackers try to exploit systems that are not up to date, as they tend to have weaker security; the WannaCry ransomware attack in 2017 is one example.
A typical working method of attackers is to exploit asset vulnerabilities, steal elevated credentials and move across the network until they have achieved their objective. As asset vulnerabilities are the first step in this chain, and updates usually contain security fixes, installing operating system and other software updates can go a long way toward securing privileged access and ensuring cyber security.
2. Privileged password mismanagement
Password mismanagement can easily lead to security breaches. Some of the common malpractices in password management include:
- Applying simple passwords
- Not changing passwords regularly
- Sharing passwords with colleagues
- Not changing default passwords
- Reusing old passwords
- Using run-of-the-mill (easy to guess) passwords
To overcome this, deploy an enterprise-wide password management solution that will act as a safe, integrated avenue for password storage and access. Such solutions can improve efficiency by systematizing password changes for critical systems through approval workflows and real-time alerts on password access.
3. Granting excessive privileges
In some organizations, users are assigned more privileges than they actually need. The excessive privileges given to users could result in:
- End users being able to run their systems as an administrator.
- Administrators not having control over applications installed on end users’ systems.
- Administrators granting extra privilege to users for specific work and forgetting to revoke these privileges when the work is complete.
To stop this from happening, take back administrative rights from the end users. Once all users have forfeited their rights, IT admins can elevate a user’s rights for the required applications only, so that they can do their job without excessive privilege.
4. Not prioritizing cloud applications
Despite many more organizations migrating to the cloud, security is still not being prioritized. Privileged access must be secured consistently across all channels including on-premise, Infrastructure as a Service (IaaS), Software as a Service (SaaS), Platform as a Service (PaaS) and others.
One way to ensure that this happens is to bring the management of on-premises and cloud applications into a single console with a common system for policy setting, reporting and analytics. As organizations are increasingly adopting cloud to keep pace with business demands, IT teams must offer similar security to both cloud-based and on-premise systems.
5. Not tracking privileges granted to outsiders
Administrators should track privileged access granted to outsiders, such as contractors and service providers. As soon as the contract expires, don’t forget to withdraw the privileges. If the privileges granted to outsiders are not tracked, or the privileges are not revoked on time, you leave yourself seriously open to security threats.
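The tracking described in sections 3 and 5 can be reduced to reconciling a register of privileged grants against current group membership. The following is an added example, not code from this article or from LepideAuditor; the register format, account names, groups and membership snapshot are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Grant:
    account: str
    group: str                # privileged group the account was added to
    external: bool            # True for contractors and service providers
    expires: Optional[date]   # contract end, or agreed end of the temporary work

def review_grants(grants, members, today):
    """Return sorted (account, group, reason) findings to revoke or investigate."""
    findings = []
    recorded = {(g.account, g.group) for g in grants}
    for g in grants:
        if g.account not in members.get(g.group, set()):
            continue  # privilege already withdrawn, nothing to do
        if g.expires is None:
            if g.external:
                findings.append((g.account, g.group, "outsider with no end date"))
        elif g.expires < today:
            kind = "contract ended" if g.external else "temporary work ended"
            findings.append((g.account, g.group, f"{kind} {g.expires}, not revoked"))
    # Anyone holding the privilege without an entry in the register
    for group, accounts in members.items():
        for account in accounts:
            if (account, group) not in recorded:
                findings.append((account, group, "no recorded grant"))
    return sorted(findings)

# Constructed sample data (hypothetical accounts and groups).
GRANTS = [
    Grant("alice", "Domain Admins", False, None),                  # permanent admin
    Grant("bob", "Server Operators", False, date(2024, 3, 1)),     # temporary elevation
    Grant("ext-carol", "Domain Admins", True, date(2024, 2, 15)),  # contractor
    Grant("ext-dave", "Backup Operators", True, date(2024, 1, 31)),
    Grant("ext-erin", "Backup Operators", True, None),
]
MEMBERS = {  # current membership snapshot, e.g. exported from the directory
    "Domain Admins": {"alice", "ext-carol", "mallory"},
    "Server Operators": {"bob"},
    "Backup Operators": {"ext-erin"},
}

if __name__ == "__main__":
    for finding in review_grants(GRANTS, MEMBERS, date(2024, 3, 10)):
        print(" | ".join(finding))
```

Run on a schedule against a fresh membership export, the same comparison also surfaces accounts added to an administrative group without any recorded approval.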
LepideAuditor for Active Directory displays a list of users who are members of Administrative groups and sends real-time alerts whenever a new user is added to that group. It also allows you to restore the permissions of Active Directory objects, including user accounts, to an ideal previous state. You can also view the permissions given to user accounts in the past, compare the permissions of user accounts between two dates and perform a historical permission analysis of Active Directory.
LepideAuditor for File Server lets you see the current effective permissions of Active Directory users, groups, and other objects applied on the shared files and folders. You can audit the permission changes made on file and folders, view historical permission changes for a selected file or folder, and compare the permissions between two dates.
6. Not taking auditing seriously
Take IT configuration change auditing seriously and audit critical server components proactively. If you are not taking auditing seriously, by the time you have detected a privilege abuse or insider threat and completed the audit trail through native logs – it could be too late.
What is the solution? The answer is to audit everything by deploying a third-party auditing solution, like LepideAuditor. It gives you a simple yet cost-efficient way to monitor and audit IT configuration changes. With LepideAuditor you can do the following:
- Audit changes in the configuration of the IT environment
- Audit User Management changes such as
  - password change and reset attempts
  - failed logins
  - successful logins
  - user logon at multiple computers
  - concurrent sessions
  - changes in user expiry date and other attributes
  - changes in the status of user accounts
  - auditing user account lockouts
- Identify and track privileged user activities
- Auditing permission changes across multiple components
- Creating in-depth audit reports to show the change event records
- Tracking inactive user and computer accounts