Any IT infrastructure hosts a multitude of accounts, each with its own level of rights and privileges. Some accounts are ordinary user accounts and may not have the rights to access files, install programs or change configuration settings. At the same time, other accounts within the same infrastructure have different permission levels and might have some or all of these rights. These accounts with higher permission levels are known as Privileged Identities (PIs), super user accounts or super control accounts.
Usually such accounts are held by senior management members like the CEO, CIO and Database Administrators (DBAs). A lot of care is needed to ensure that PIs are not abused or misused. This is where Privileged Identity Management (PIM) has a role to play. PIM is a domain within Identity Management (IM) that focuses on the monitoring, governance and control of such powerful accounts within an organization.
PIM is very important for an organization because the governance of PIs is usually not stringent, and PIs are generally not controlled by the Identity and Access Management (IAM) system of the network. In most cases, the IAM software leaves PIs unregulated while imposing strict privileges on the rest of the network. What complicates the problem is that the senior people who own these accounts seldom have formal training in managing them. This puts the whole network at grave risk, because improperly managed PIs are a hotbed for leaking sensitive corporate information. Furthermore, they pose a danger of compromising the entire network through malware.
A 2009 report prepared by Northrop Grumman Corporation for a US congressional committee very clearly outlines the extent of the threat. According to the report, US government and private sector information, once unreachable or requiring years of expensive technological or human asset preparation to obtain, can now be accessed and manipulated with comparative ease using computer network operations tools.
A recent American study by the Ponemon Institute found that privileged users and their credentials form the core of a continuing series of security breaches across various sectors, including government and financial services. It goes on to state that in a recent 12-month period, 110 million Americans were impacted and 432 million accounts were compromised in data breaches. Analysis of those breaches reveals that privileged users and their credentials are at the core.
Unmanaged PIs can be used by insiders and external hackers to steal highly confidential information and compromise the entire network. Some matters of concern include:
For the above-mentioned reasons, PIs have become prime targets of hackers and malicious insiders today. The intruders usually combine bugs and vulnerabilities in the firewall software with social grafts to access individual computers inside secure networks. Once they are able to access a single computer, they use PIs and administrative accounts to map the organization's IT infrastructure and retrieve sensitive information so fast that they can bypass conventional safeguards.
Implementing a privileged account policy will go a long way toward managing PIs efficiently and preventing their abuse. A secure privileged account policy should incorporate ways of: