INFOGRAPHIC
Privileged password management best practices and benefits

Brian Chappell, Director, Product Management at BeyondTrust, explains the best practices and benefits of privileged password management.

Privileged password management refers to the practice and techniques of securely controlling credentials for privileged accounts, services, systems, applications, machines and more. The ultimate goal of privileged password management is to reduce risk by identifying, securely storing and centrally managing every credential that provides elevated access.

Privileged password management works hand-in-hand with implementing least privilege and should be a foundational element of any organisation’s privileged access management (PAM) initiatives.

Whereas in decades past, an entire enterprise might be sufficiently managed through just a handful of credentials, today’s environmental complexity means privileged credentials are needed for a multitude of different privileged account types (from domain admin and sysadmin to workstations with admin rights), operating systems (Windows, Unix, Linux, etc.), directory services, databases, applications, cloud instances, networking hardware, Internet of Things (IoT), social media and more.

Most likely, achieving holistic enterprise password management will follow the course of a graduated approach, but it’s essential that you focus on these eight areas.

Discover all privileged accounts
This includes shared admin, user, application and service accounts, SSH keys, database accounts, cloud and social media accounts and other privileged credentials – including those used by vendors – across your on-premises and cloud infrastructure. Discovery should include every platform.

Bring privileged credentials under centralised management
Optimally, the onboarding process happens at the time of password creation or otherwise shortly thereafter during a routine discovery scan. Silos of individuals or teams (e.g. DevOps) independently managing their own passwords are a recipe for credential sprawl and human error.

Implement password rotation
Rotation policies should address every privileged account, system, networked hardware and IoT device, application, service, etc. This reduces the threat window for password reuse attacks. Passwords should be unique, never reused or repeated and randomised on a scheduled basis, upon check-in or in response to a specific threat or vulnerability.

Implement privileged session management
These solutions ensure complete oversight and accountability over privileged accounts and credentials. Privileged session management refers to the monitoring, recording and control over privileged sessions.

Bring non-human/machine credentials under centralised management
Simply put, this requires deploying a third-party application password management or secrets management solution that forces applications and scripts to call (or request)
22 INTELLIGENTCIO www.intelligentcio.com
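
The rotation rules listed under "Implement password rotation" (unique, never repeated, rotated on a schedule, upon check-in and in response to a threat) can be checked mechanically against a credential inventory. The Python audit below is an added example, not BeyondTrust's code or part of the original article; the inventory records, account names, 30-day interval and audit key are constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=30)          # assumed schedule; the page names no interval
AUDIT_KEY = b"constructed-audit-key"  # placeholder key, constructed for this example

def fp(secret: str) -> str:
    """Keyed fingerprint, so the audit compares credentials without holding them."""
    return hmac.new(AUDIT_KEY, secret.encode(), hashlib.sha256).hexdigest()

def audit(inventory, now, threat_at=None):
    """Return {account: [findings]} for each rotation rule an account breaks."""
    holders = defaultdict(list)
    for acct in inventory:
        holders[acct["current"]].append(acct["name"])
    report = {}
    for acct in inventory:
        found, rotated = [], acct["rotated"]
        if now - rotated > MAX_AGE:
            found.append("overdue for scheduled rotation")
        if acct["checked_in"] and acct["checked_in"] > rotated:
            found.append("not rotated after check-in")
        if threat_at and rotated < threat_at:
            found.append("not rotated since threat")
        if acct["current"] in acct["history"]:
            found.append("repeats an earlier password")
        if len(holders[acct["current"]]) > 1:
            found.append("same password as another account")
        if found:
            report[acct["name"]] = found
    return report

# Constructed inventory: hypothetical account names, dates and secrets.
NOW = datetime(2024, 6, 1)
INVENTORY = [
    {"name": "svc-backup", "current": fp("s1"), "history": [fp("s0")],
     "rotated": datetime(2024, 5, 25), "checked_in": None},
    {"name": "domain-admin", "current": fp("d1"), "history": [fp("d0")],
     "rotated": datetime(2024, 3, 1), "checked_in": datetime(2024, 5, 30)},
    {"name": "db-root", "current": fp("r1"), "history": [fp("r1"), fp("r0")],
     "rotated": datetime(2024, 5, 20), "checked_in": None},
    {"name": "router-01", "current": fp("s1"), "history": [],
     "rotated": datetime(2024, 5, 28), "checked_in": None},
]

if __name__ == "__main__":
    for name, found in audit(INVENTORY, NOW).items():
        print(f"{name}: {'; '.join(found)}")
```

Passing `threat_at` (the time a threat or vulnerability became known) additionally flags every credential last rotated before that moment.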