How do you maintain Accountability for your team's operational tasks, as well as compliance with Change Management? How do you ensure that your admins only conduct changes during valid change windows or with the appropriate approvals in place? How do you protect your administrators activities from pointing fingers when something happens outside of change control?
Now imagine that you have outsourced these sensitive "Privileged Identity" tasks to a third party....
A “Privileged Identity” is a systems account (User account or Service account) with more access than is typically granted to general end users of the system. This could be on an Enterprise Operating System like Windows or Unix, or in a Database system like MS SQL Server or Oracle. This type of account is granted to those individuals that administer portions of the system, or to service accounts that run applications or jobs that require escalated levels of access.
Examples of these would be:
- Shared Administrative Accounts – Local Server Administrator or Windows Domain Administrator, UNIX root user, or Oracle SYS have full access to every resource on the system.
- Application or Service Accounts – these are accounts used by applications or services to access data on the system or network, or to communication with other business applications and to access tables/columns in a database. Like the above Administrator accounts, these accounts typically have greater than required access to critical business information.
- Super User Accounts - Some special business users, such as software developers or DBA's are given excessive access to the environment just to make their job easier.
With this level of access, many unplanned things
can befall a company.
- Human error is the most common. An administrator mis-types something in a command line, and erases large portions of Business Data.
- Rogue Adminstrators, although the stuff of folklore, are an IT manager's worst nightmare.
- In the June 2012 Wall St. Journal, an article entitled Malware Targets Vulnerable Admin Accounts, discusses one of the issues that can happen to a privileged account that is not rorperly secured.
Privileged Access Management is the practice of separating the Privileged Access out of an administrators account and providing them some facility to request that access quickly when required.
Cyber-Ark and Hitachi ID are Enterprise grade Privileged Identity Vaults that store managed pools of system accounts associated with a server or group of servers / databases.
They facilitate the ability to "check out" an account with the privileges required to conduct your task, while potentially enforcing an approval workflow, and requiring either a "Business Reason" or "Change Record" to tie the request to. In the workflow, you can elect to simply record the request and log it out to your SIEM, you can send an alert message via email or SMS to the asset owner, or ultimately add levels of authorization before the admin gains access.
When either the requested change window expires, or the administrator checks the account back in, the password for that account is changed immediately, removing access.
Cyber-Ark currrently has the ability to protect Privileged accounts in Windows, AIX, HPUX, Solaris, Linux, (Including a secure, fully logging replacement for SUDO) MS SQL, DB2, and Oracle.
Cyber-Ark can also proxy direct connectivity to target servers vir secure RDP or in the case of UNIX, ssh, meaning that you can lock down your remote access policies to only allow remote console to be initiated from the Cyber-Ark appliances.
Extensive amounts of reporting and alerting are available for compliance and accountability.
It is time to make those with the most access,
accountable for their activities!
Please also read:
- "The Biggest Cybersecurity Threat Just May Be Your Own Staff," Wall St. Journal, June 2012
- "Too much access? Privileged Identity Management to the rescue," CSO Magazine, November 2010