Best Practices for Securing and Passing Privileged Account Audits
Privileged accounts can be divided into categories; such as built-in, user made, linked to a consultant/contractor and anonymous. To better secure and pass privileged accounts audits, you must monitor the activities of these accounts and maintain proper management and control them.
A new network, where the latest guidelines are adopted as the system is rolled out, can be easy to track and monitor. In such an environment, passing an audit is a relatively straightforward process, as most of the requirements are taken care of during the designing phase itself. Other organizations with years of growth, acquisitions, upgrades, application rollout and a host of other activities that has made their network an incongruent environment, will have some complexities to overcome, as no such provisions to secure and audit the privileged accounts were made in the design phase.
In this article, we will go through some of the best practices that enterprises can follow to secure their environment and pass privileged account audit.
1. Least privileged access: When it comes to privileged accounts, follow the least privilege model. There are many benefits of the restricted access model when it comes to dealing with privileged accounts, including risk limitation.
2. Make a catalog of privileged accounts: Create a live document that contains a list of all privileged accounts as they are created for business applications and other corporate activities. The document should have full details, including activation date and deactivation date for each privileged account. The ongoing inventory gives a clear picture of what the organization is dealing with and if they need to address any probable concerns.
3. Authentication policy: Authentication and validation policy requirements are different (more stringent) for privileged accounts. Go for a platform that supports fine-grained policies for authentication and passwords. To protect these accounts, admins can use soft certificates, high complexity password, OTP and other advanced means.
4. Password change Policy: Change passwords as frequently as possible. Weekly or bi-weekly password changes gives you tighter security and helps to prevent passwords leaking outside the organization.
5. Regular account activity review: Don’t wait till audit day to review account activity. Continuous account activity monitoring helps in finding out what users with privileged access have been doing up until now. Real-time alerts are a proactive means of account monitoring that assist in preventing damage from privilege account breach. Lepide Active Directory Auditor offers built-in reports that answer the ‘who, what, when and where’ questions of privileged account activity, as well as giving real-time alerts to manage infringement cases proactively.
6. Hard coded passwords: Don’t hardcode passwords. While designing apps, developers may temporarily hardcode a password in the application and may then forget to remove the password. Such hardcoded passwords can lead to security breaches. Embedded passwords are a very common cause of security breach.
7. Training: Human error is by far the most common cause of privileged account misuse. Sharing passwords with colleagues and writing passwords down may lead to unauthorized access to privileged accounts. Giving regular training to systems administrators, developers, application owners and others about the proper ways to manage credentials is important in combatting this.
Enterprises that follow the best practices securing privileged accounts are less likely to be the victim of an avoidable insider threat or data leak.