Exposed and under threat - Why haphazard processes are harming local businesses
- 16 November, 2015 05:31
Organisations in Australia and New Zealand - similar to the global market - have haphazard processes for managing administrative or other privileged accounts, making businesses vulnerable to security breaches.
Responses from a Dell-commissioned survey - including IT professionals from the US, UK, Germany, Australia and New Zealand - claims that nearly 80 percent of respondents have a defined process for managing privileged accounts, but are not diligent about following it.
In fact, almost 30 percent still use manual processes such as Excel or other spreadsheets to manage privileged accounts.
Not only are these manual processes prone to error and easily compromised, warns the tech giant, they impede quick resolution in time-critical situations.
“Privileged accounts really are the ‘keys to the kingdom,’ which is why hackers seek them out and why we’ve seen so many high-profile breaches over the past few years use these critical credentials,” says John Milburn, Executive director and general manager, Identity and Access Management, Dell Security.
“To alleviate this risk and ensure these accounts are controlled and secured, it’s absolutely crucial for organisations to have a secure, auditable process to protect them.
“A good privileged account management strategy includes a password safe, as well as least-privileged control to protect organisational assets from breaches.”
According to Milburn, 83 percent of survey respondents face many challenges with managing privileged accounts and administrative passwords, ranking the following as the top three most critical privileged account management (PAM) challenges facing their organisations:
- Default admin passwords on hardware and software are not consistently changed (37 percent)
- Multiple admins share a common set of credentials (37 percent)
- Inability to consistently identify individuals responsible for administrator activities (31 percent)
Although more than 75 percent have a defined process for changing the default admin password on hardware and software as new resources are brought into the organisation, Milburn claims that only 26 percent change admin passwords monthly on mission critical systems and devices.
For Milburn, such a ack of well-defined password and reporting practices present challenges.
“Survey respondents identified delegation (the ability to implement a least-privileged model of admin activity, in which admins are given only sufficient rights to do their job) and password vaulting (the ability to automate storage, issuance and changing of administrative credentials) as the administrative or privileged account management practices most critical to their organisations,” he adds.
“However, less than half say they have a regular cadence of recording, logging or monitoring administrative or other privileged access.
“The lack of a standard, enforced approach, coupled with a multitude of software tools and manual processes for managing privileged accounts, makes the business susceptible to hackers, and exposes corporate data to possible breach.”
Prevention of both breaches and insider attacks has become a major driver for the adoption of PAM solutions, Milburn claims.
According to a recent Gartner "Market Guide for Privileged Access Management" report, "adoption of PAM products by organisations is often partial, leaving gaps that translate to risk."
It notes that "prevention of both breaches and insider attacks has become a major driver for the adoption of privileged access management (PAM) solutions, in addition to compliance and operational efficiency.
"And by 2017, more stringent regulations around control of privileged access will lead to a rise of 40 percent in fines and penalties imposed by regulatory bodies on organisations with deficient PAM controls that have been breached."