Understanding Privileged Account Security

Privileged Account Security Solution

Previously, we have focused on the security issues raised by privileged users. As the people who can access the administrative back ends of critical systems, privileged users represent a potential threat vector. After all, they can get into confidential data, account settings, and system configurations. Equally or even more important to security than privileged users, however, is the concept of the privileged account. A privileged account is the actual mechanism by which a privileged user gains access to administrative controls. Having a privileged account security solution in place is thus an essential practice for the maintenance of a robust security posture.

Privileged users have unrestricted access to everything, so having a privileged account security solution in place is critical in ensuring a robust security posture.

What is Privileged Account Security?

A privileged account is a special user account on a system. The privileged account entitles the user to perform certain administrative tasks. However, it’s far more than that. A privileged account represents the totality of rules, controls, roles, and permissions that apply to it. For example, an email server might have a privileged account called “administrator” that allows anyone with the right credentials to set up, modify, or delete other user accounts. Rules give the role of “administrator” the privilege to change the system settings.

In this way, a privileged account is a bit like a car key. The key itself is neither good nor bad; the driver makes all the difference. He can use the car to save a life or take one. Privileged account security prevents bad outcomes from either deliberate or accidental misuse of privileged accounts. It comprises the practices and tools that stop unauthorized users from accessing privileged accounts.

Securing privileged accounts requires a multi-layered approach. It incorporates identity management and access control. Both physical and logical security are essential to its success. Privileged account security solutions must encompass the complete spectrum of controls, rules, roles, and permissions that define privileged accounts at their core.

The Risks of Deficient Privileged Account Security

Privileged account misuse is a serious security concern and a major problem for many organizations. For example, the 2017 Verizon Data Breach Report points to privileged account misuse as the second leading cause of security incidents and the third leading cause of data breaches.

Privileged account misuse doesn’t have to be sophisticated. Some of the most egregious breaches involved simply sharing privileged account passwords. This was the case with the Société Générale scandal, arguably the most extreme abuse of privileged account access ever, in which one of the world’s largest banks lost $7 billion when a currency trader improperly accessed his manager’s privileged account and deleted transactions.


Other examples of privileged account misuse include:

  • Privilege escalation – In this scenario, a malicious actor attains one level of privilege, but then uses the administrative system itself to “promote” himself into a more privileged position. The Edward Snowden affair offers one of the most infamous examples of privilege escalation. By taking advantage of lax oversight, Snowden was able to manufacture digital keys that let him past authentication gateways. He could then tap into data resources at a much higher level in the NSA than was permitted to him. He stole 1.7 million top-secret documents.
  • Third-party privilege misuse – Privileged users may work for outside entities like IT contractors. Without an effective privileged account security solution in place, third parties can abuse privileged access. This was the case in the second, lesser-known breach at Anthem Health Insurance company. In June of 2017, an employee of one of Anthem’s vendors used a privileged account to steal over 18,000 patient records, including social security numbers.
  • Improper access due to administrative errors – Also in 2017, it was revealed that employees at Vanderbilt University Medical Center (VUMC) had improperly viewed thousands of patient records due to mistakes in setting up privileged account access rules. The employees, whose main job was to transport patients around the hospital, did nothing other than look at patients’ private information. This episode was relatively benign, in cybersecurity terms, but it could have been far worse if this information had been sold on the black market.

Using PAM as a Privileged Account Security Solution

A Privileged Access Management (PAM) solution makes it possible to secure privileged accounts. The WALLIX Bastion, for instance, offers a streamlined, centralized system for privileged account security. It includes the following functional modules:

  • Access Manager—Governing access to privileged accounts with a single point of policy definition and policy enforcement for privileged account management. A super admin can add/modify/delete privileged user accounts. This way, the organization can keep careful tabs on privileged accounts and make sure they are aligned with rules, roles, policies, and controls.
  • Session Manager—Tracking and monitoring all actions taken during a privileged account session for future review and auditing. Some session managers can even prevent malicious or unauthorized actions and/or alert Super Admins if suspicious activity is detected.
  • Password Vault—Keeping passwords in a secure and certified “vault.” This helps avoid the Société Générale scenario. All system access is via the password vault. End users never have direct access to root passwords. This capability mitigates the risk of local overrides on physical devices.
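How the three modules fit together can be shown with a small in-memory model. This is an added example, not WALLIX code or part of the original article; `Bastion`, `FakeTarget`, the user and host names, and the blocked-command list are all hypothetical and constructed for illustration.

```python
import secrets

class FakeTarget:
    """Constructed stand-in for a managed server; not a real system."""
    _pw = ""
    def set_password(self, pw):
        self._pw = pw
    def login(self, name, pw, command):
        if not secrets.compare_digest(pw, self._pw):
            raise PermissionError("bad credential")
        return f"{name}: ran {command!r}"

class Bastion:
    """Hypothetical model of Access Manager, Session Manager and Password Vault."""
    def __init__(self, policy, blocked):
        self._policy = policy    # Access Manager: allowed (user, target) pairs
        self._blocked = blocked  # Session Manager: command fragments to refuse
        self._vault = {}         # Password Vault: target -> secret
        self.audit, self.alerts = [], []
    def enroll(self, target, set_password):
        # The vault generates the secret and pushes it to the target itself,
        # so no person ever chooses, sees or shares it.
        self._vault[target] = secrets.token_urlsafe(24)
        set_password(self._vault[target])
    def _record(self, user, target, command, outcome):
        self.audit.append((user, target, command, outcome))
    def run(self, user, target, command, login):
        if (user, target) not in self._policy:
            self._record(user, target, command, "denied")
            raise PermissionError(f"{user} may not administer {target}")
        if any(frag in command for frag in self._blocked):
            self._record(user, target, command, "blocked")
            self.alerts.append(f"{user}@{target}: {command}")
            raise PermissionError("command refused by session policy")
        self._record(user, target, command, "allowed")
        # The broker injects the credential; the caller only gets the output.
        return login(target, self._vault[target], command)

def demo():
    srv = FakeTarget()
    b = Bastion({("alice", "mail01")}, ("userdel",))
    b.enroll("mail01", srv.set_password)
    out = b.run("alice", "mail01", "useradd bob", srv.login)
    for user, cmd in (("mallory", "id"), ("alice", "userdel bob")):
        try:
            b.run(user, "mail01", cmd, srv.login)
        except PermissionError:
            pass
    return out, [r[3] for r in b.audit], b.alerts
```

Every attempt, including the refused ones, lands in `audit`, and the blocked command also raises an alert, while the vaulted secret never appears in anything returned to the user.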
