Dell Survey Shows Haphazard Privileged Account Management Practices Expose Businesses to Serious Risk
Dell today announced the results of a global security survey that reveals organizations have haphazard processes for managing administrative or other privileged accounts, making businesses vulnerable to security breaches. Responses from IT security professionals around the world reveal that 76 percent believe better control of privileged accounts would reduce the likelihood of a breach. Nearly 80 percent of respondents have a defined process for managing privileged accounts, but are not diligent about following it. In fact, almost 30 percent say they still use manual processes such as Excel or other spreadsheets to manage privileged accounts. Not only are these manual processes prone to error and easily compromised, they impede quick resolution in time-critical situations.
Although more than 75 percent say they have a defined process for changing the default admin password on hardware and software as new resources are brought into the organization, only 26 percent said they change admin passwords monthly on mission critical systems and devices.
Survey respondents identified delegation (the ability to implement a least-privileged model of admin activity, in which admins are given only sufficient rights to do their job) and password vaulting (the ability to automate storage, issuance and changing of administrative credentials) as the administrative or privileged account management practices most critical to their organizations. However, less than half say they have a regular cadence of recording, logging or monitoring administrative or other privileged access. The lack of a standard, enforced approach, coupled with a multitude of software tools and manual processes for managing privileged accounts, makes the business susceptible to hackers, and exposes corporate data to possible breach.
Prevention of both breaches and insider attacks has become a major driver for the adoption of PAM solutions. According to a recent Gartner "Market Guide for Privileged Access Management" report, "adoption of PAM products by organizations is often partial, leaving gaps that translate to risk." It notes that "prevention of both breaches and insider attacks has become a major driver for the adoption of privileged access management (PAM) solutions, in addition to compliance and operational efficiency. And by 2017, more stringent regulations around control of privileged access will lead to a rise of 40% in fines and penalties imposed by regulatory bodies on organizations with deficient PAM controls that have been breached."1
A successful privileged account management strategy should take an integrated approach to addressing PAM challenges. Dell offers the following best practices for implementing an automated, controlled approach to privileged access management that secures the business today and alleviates risk:
John Milburn, executive director and general manager, Identity and Access Management, Dell Security
"Privileged accounts really are the ‘keys to the kingdom,’ which is why hackers seek them out and why we’ve seen so many high-profile breaches over the past few years use these critical credentials. To alleviate this risk and ensure these accounts are controlled and secured, it’s absolutely crucial for organizations to have a secure, auditable process to protect them. A good privileged account management strategy includes a password safe, as well as least-privileged control to protect organizational assets from breaches. Dell Security solutions cover the entire range of customer needs, including privilege safe, delegation/least-privileged access, and audit and monitoring, along with significant, integrated adjacent technologies for Active Directory bridge and multifactor authentication."
About the Survey:
Gartner "Market Guide for Privileged Access Management" by Felix Gaehtgens, Anmol Singh, 27 May 2015.