by Christy Lynch
Last week’s Privileged Account Security & Compliance Survey results highlighted that while the majority of organizations do in fact understand the power and significance of privileged accounts, most of them are surprisingly unaware of the scope of the problem. As our CMO John Worrall detailed for you in Part 2 of our blog series, privileged accounts consist of privileged and administrative accounts, default and hardcoded passwords, application backdoors, and more. Unfortunately, the majority of organizations fail to grasp this and significantly underestimate the number of accounts that exist across their IT infrastructure.
In addition to highlighting the above, the survey also found that most organizations are using outdated, manual processes (such as spreadsheets) to identify and manage their privileged accounts. Consider this:
- 51 percent of organizations surveyed stated that privileged and administrative account passwords were shared among “approved” users.
- 53 percent of large enterprises (5,000+ employees) take 90 days or longer to change their privileged or admin passwords. (76 percent of large enterprises take 60 days or longer.)
In both cases, these findings show that many organizations fail to meet even the basics of privileged account security. Industry best practices indicate that passwords for privileged accounts should never be shared, and we recommend that any password changes be automated and restricted to one-time use to ensure tight security standards.
This last point is important: We strongly recommend that privileged account management processes be automated to enforce controls. This also helps to provide a clear audit trail for accountability and security.
Automation is also key to privileged account discovery. Before concluding our blog series, we decided to bring John back in to leave you with more information on an important solution for your consideration. Here, John describes how Cyber-Ark DNA™ (Discovery & Audit) can help you identify where your privileged accounts exist, providing an accurate picture of the state of your enterprise privileged risk.
You can sign up here for a free risk self-assessment using Cyber-Ark DNA.