The Key to Preventing Unauthorized Access: Account Management
The most common threat to every networked system is unauthorized access to information and internal data.
In many cases, the very technologies that have been deployed to benefit users and control access can introduce significant risks. Unauthorized access may cause the loss of integrity, confidentiality and availability of assets if a system’s security measures are not managed properly.
In order to minimize potential damage, companies must establish control over every account to protect proprietary information from disclosure, erasure or modification by external sources. This type of control will provide organizations with the faculty to protect and monitor accounts in a manner that prevents users from committing malicious or unintentional damage to sensitive data and environments.
Managing User Vs. Privileged Accounts
It is important for organizations to be aware of the normal user vs. privileged user accounts at work within their system. Various types of accounts present different levels of risk, though all should be thoroughly monitored and managed on an ongoing basis to prevent unauthorized access.
As a general rule, “Sysadmins” and other types of privileged users should have an account for their day-to-day work, and an account on which they can perform their privileged functions. Sysadmins should have additional security controls, and for certain types of accounts (such as accounts that have access to production environments), there should be a rights escalation process to ensure that even admins do not have open, unregulated access to sensitive areas.
For all other users, individual accounts should be created. In order to keep valuable information secure, companies should update privileges often. Keeping with the principle of least privilege, an organizational operating procedure should be in place to review and revise group memberships and other access privileges.
Reviews of both user and privileged accounts should occur periodically (at least once a quarter) or when a user changes job roles. If a user’s new role does not require access to resources that their old role gave them, that access should be removed. As a matter of best practice, recently inactive accounts should be disabled and accounts that have been dormant for long periods of time should be deleted. While there is no standard length of time after which an account should be disabled or deleted, accounts that have been dormant for more than 90 days should be removed.
The Dangers of Sharing Accounts
It is a critical security component to withhold from sharing accounts. Within multiple environments, there is a temptation to share accounts in order to streamline the development process. However, this greatly increases the risk to your production environment and thus, your client’s data and publicly facing software.
This is particularly the case if test and development environments do not have the same security standards as the production environments. Responsibilities for development, testing and production should be separate and performed by separate resources. Furthermore, the use of sensitive production data should in test environments should be avoided.
Make it known to all users that sharing of accounts should never occur—ever! Credential sharing should be faced with detrimental repercussions, as it presents a significant risk to the company’s sensitive data.
By managing and overseeing the accounts of both privileged and regular users, organizations can ensure that all information and internal data is protected from unauthorized access.