Privileged Operating System Access

Because large organizations have thousands of privileged accounts in use throughout the IT infrastructure, it can be virtually impossible to manually track and update them all. In the absence of automated processes, IT staff often set privileged credentials to the same common, unchanging password or may update the credentials through ad-hoc scripts and group policy changes.

An organization that does not maintain frequently-changed, unique passwords for all of its privileged accounts faces the threat of unauthorized users and malicious programs compromising just one password and gaining unrestricted access to resources throughout the network. Former employees familiar with the privileged passwords at their previous organizations and malware that exploits common privileged account passwords pose a particular threat.

Manual processes to change privileged account passwords also pose risks, since improperly implemented and incomplete password updates can result in account lockouts, cascading system failures, and extended IT service disruptions.

The lack of adequate policies and practices to manage privileged accounts can make an organization unable to:

Address its security risks by locating all potential privileged account vulnerabilities
Protect its access by verifying that sensitive data is only accessible to authorized users
Verify security by providing an audit trail of individuals who are granted access to sensitive data
Reduce the potential for extended damage after a security breach exposes privileged credentials that can be re-used across independent IT assets
Eliminate undesired system changes and service disruptions when privileged accounts are used for tasks that don’t require them

Privileged identities are widespread in the IT infrastructure, since they can be found on server and desktop operating systems, on hardware devices like routers or switches, and on applications and services like databases, backup programs, scheduled tasks, and more. Unauthorized access to the privileged account passwords on any of these resources can lead to a compromise of sensitive corporate data and disruptions to IT services.

Without proper controls, access to an organization’s privileged accounts spreads over time, often in unplanned ways. This happens as organizations:

Fail to change the pre-configured logins and service accounts that are introduced as they deploy new hardware and applications
Delegate administrative duties across overlapping groups, change the roles of IT administrators, or contract IT jobs to outside personnel
Fail to revoke all privileged accounts accessed by an employee after his or her job changes or employment ends
breached by social engineering, dictionary attacks, or other means

Despite the serious security risks and the potential for IT compliance audit failure, many organizations are unaware of their own vulnerabilities when it comes to privileged accounts.