Whether on-premise or in the cloud, privileged access is everywhere, scattered throughout a company’s infrastructure. On average, there are three times as many privileged accesses as there are employees within an organization.
All organizations now use privileged access to be able to utilize certain business applications, information systems or the overall infrastructure of a company. Understanding its usefulness and being able to identify where and when it is being used is crucial to managing the security of the organization’s data, applications and infrastructures.
What are the main characteristics of privileged access?
The use of privileged accounts differs from entity to entity, organization to organization and context to context. Not surprisingly, this means that the definition and characteristics of this type of access can vary significantly. Therefore, it is essential to accurately define the invariables commonly associated with privileged access.
What is the definition of privileged access?
A privileged account gives the user a higher level of access to resources and infrastructures than would be granted to the user of a standard account. Because of this, individuals with privileged access have the necessary authorization to perform operations considered to be of a sensitive or confidential nature on systems and tools used within a department or company.
Contrary to popular belief, the inventory of privileged accounts in an organization is not limited to Windows or Unix administrator accounts. Areas such as infrastructure, applications, data storage, and SaaS environments all have “super user” access with specialized, or privileged, permissions that need to be managed. For example, on SAP systems, any account with a “SAP_ALL” permission is automatically considered to be privileged access.
How are privileged accesses used?
Privileged accesses make it possible to carry out activities that are essential to the proper functioning of an organization, such as:
- the configuration of systems and software in addition to the execution of administrative tasks,
- the creation, modification and suppression of user accounts,
- the installation of software and applications,
- the back-up, updating, modification and deletion of data,
- the carrying out of security and corrective actions, and
- the management of privileged access to data within a company.
What are the different types of privileged access?
Based on recent industry research, privileged accesses are used quite frequently, cover a wide range of purposes and include two major categories: named and shared accounts.
Associated with exclusive users, named accounts are easily identified due to their unique nomenclature, such as adm-user-name.
The following are a few examples of named accounts.
- The domain administrator account gives its user full access to all workspaces and servers in a given network domain.
- The local administrator account provides access to the resources available locally on a device or a server, such as files, directories, services and applications. The user has full rights to configure, modify or delete some or all of these resources based on his privileged credentials.
- The super user account, like that of an information system administrator, is frequently utilized for the on-boarding and off-boarding of employees, making it easy for the user to add or remove them from a system or an application.
- The sales, marketing and human resource managers have business access accounts which, due to the nature of their job functions and responsibilities, may give them privileged access to certain applications and data. While this access is limited to a given scope related to the sector they cover, it could allow them to grant or remove access from members of their team.
Non-named, or shared accounts, are not linked to individuals but are used by multiple people. Although there are no clear definition standards, one may distinguish between:
- Service accounts (for inter-application communication, operating systems and the running of applications or programs. These accounts are not designed for human access).
- Technical or generic accounts (for users to access an infrastructure or a software brick)
These accounts are generally under the responsibility of the IT departments, including remote maintenance and support. However, sharing an account means sharing its credentials (login identifier and password), which can cause a security risk.
Although not exhaustive, this comprehensive list of account types gives a good overview of the range of situations in which it is necessary to grant or utilize privileged access rights. More importantly, it highlights the need to closely control and manage them since they operate on sensitive data.
Identifying your organization’s privileged accesses is a priority.
Many organizations are faced with an increase in cyber attacks as they undergo their digital transformation. Telecommuting, the creation of digital workplaces, and storing data in the cloud are examples of adding new uses and work environments that generate heightened risk related to access rights. When employees have more flexibility on a daily basis, hackers see it as an opportunity to more easily infiltrate their organization’s information systems and get unauthorized access to internal tools and credentials, among other things.
For this reason, privileged access is a prime target. It is crucial to understand why and learn how to identify them within a company.
What is the reason for identifying privileged access?
Based on a survey done In 2021, 74% of organizations that fell victim to cyber attacks claim that their privileged accounts were involved. Because the accounts give access to the most sensitive and confidential resources, identifying and protecting them is a key issue for the reasons stated below.
- They allow highly impactful operations by providing access to sensitive systems, including financial data and payment services.
- The holders of such accounts access confidential business, financial, and employee-related data that cannot be compromised under any circumstances.
- Like standard access rights, privileged access is subject to compliance regulations.
Whether responding to auditors or protecting the company from critical attacks, the recognition of privileged accesses and their activity must be closely controlled, monitored and managed using a precise and effective strategy.
How are privileged accounts detected?
As mentioned earlier, privileged access is widespread throughout a company’s information systems. Because their characteristics vary depending on how they are used, it can make it difficult to locate them. Despite this, identifying them in order to be able to protect them is crucial. Here are three best practices that help with this.
1. The reporting of privileged accesses at the time of their creation
Privileged accounts must be able to be detected as soon as they are created. When new resources are added or changes are made to areas like applications and information systems, processes must be put into place within the organization to disclose the privileged accesses associated with these new resources. The owners of these resources then report each new privileged access and document how it will be used.
2. The execution of a script to automate their identification and provide security
When a new standard system is deployed, the associated privileged accesses are often already known and must be immediately protected. At the same time as the notification is made by the resource owners, it is possible to automate the security of newly created privileged accounts within a Privileged Access Management (PAM) system.
For example, when creating a new Windows or Linux system, the script deploying the server must automatically declare privileged accounts within the PAM system being used.
3. Performing a specific audit
In the event where it appears that some privileged accounts might be hidden or missing, an audit to find them using a scanning tool provided by the PAM vendor, such as DNA or Accounts Discovery from CyberArk, can be scheduled.
Whether a company relies on a Windows or Linux infrastructure, or if their goal is to be able to track privileged access within Active Directory, it is imperative to use a privileged account management solution.
Protecting privileged access is an ongoing challenge for any organization.
It is of the utmost importance to be able to distinguish between standard and privileged accounts in order to carefully monitor and manage them.
Due to their diversity, their widespread presence within internal systems and the nature of the information to which they give access, privileged access accounts must be protected as effectively as possible. To meet the challenge, creating a policy for managing these accesses and using a specialized tool is essential.
In parallel, the implementation of specific methodologies and additional technologies should be considered in order to protect and secure an organization’s privileged accesses in an efficient and exhaustive manner.
For more detailed information about this topic, click here.