infographic
Brian Chappell, Director, Product
Management at BeyondTrust,
explains the best practices
and benefits of privileged
password management.
PRIVILEGED PASSWORD
MANAGEMENT BEST
PRACTICES AND BENEFITS
Privileged password management
refers to the practice and techniques
of securely controlling credentials
for privileged accounts, services,
systems, applications, machines and
more. The ultimate goal of privileged
password management is to reduce
risk by identifying, securely storing
and centrally managing every
credential that provides elevated
access. Privileged password
management works hand-in-hand
with implementing least privilege and
should be a foundational element of
any organisation’s privileged access
management (PAM) initiatives.
Whereas in decades past,
an entire enterprise might be
sufficiently managed through just
a handful of credentials, today’s
environmental complexity means
privileged credentials are needed
for a multitude of different privileged
account types (from domain admin
and sysadmin to workstations with
admin rights), operating systems
(Windows, Unix, Linux, etc.),
directory services, databases,
applications, cloud instances,
networking hardware, Internet of
Things (IoT), social media and more.
Most likely, achieving holistic
enterprise password management
will follow the course of a graduated
approach but it’s essential that you
focus on these eight areas.
Discover all
privileged accounts
This includes shared admin, user,
application and service accounts,
SSH keys, database accounts,
cloud and social media accounts
and other privileged credentials –
including those used by vendors –
across your on-premises and cloud
infrastructure. Discovery should
include every platform.
Bring privileged credentials
under centralised management
Optimally, the onboarding process
happens at the time of password
creation or otherwise shortly
thereafter during a routine discovery
scan. Silos of individuals or teams
(i.e. DevOps) independently managing
their own passwords are a recipe for
credential sprawl and human error.
Implement password rotation
Rotation policies should address
every privileged account, system,
networked hardware and IoT device,
application, service, etc. This reduces
the threat window for password
reuse attacks. Passwords should be
unique, never reused or repeated and
randomised on a scheduled basis, upon
check-in or in response to specific
threat or vulnerability.
Implement privileged
session management
These solutions ensure complete
oversight and accountability over
privileged accounts and credentials.
Privileged session management refers
to the monitoring, recording and control
over privileged sessions.
Bring non-human/machine
credentials under centralised
management
Simply put, this requires deploying
a third-party application password
management or secrets management
solution that forces applications and
scripts to call (or request) use of the
password from a centralised
password safe.
22 Issue 26 | www.intelligentciso.com