Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Managing Shared Accounts for Privileged Users: 5 Best Practices for Achieving Control and Accountability

November 20, 2014

  • Blog
  • Archive

Many IT organizations use shared accounts for privileged users, administrators or applications so that they can have the access they need to do their jobs. If managed incorrectly though, this practice presents significant security and compliance risks from intentional, accidental or indirect misuse of shared privileges.

Even for the savviest IT teams, the task of managing shared accounts introduces complexities and risks, including:

  • Embedded and hardcoded passwords present opportunities for misuse by both insiders and external attackers on the network.
  • Passwords for application-to-application and application-to-database access are often left out of management strategies.
  • Static passwords can easily leave the organization, and manual password rotation tends to be unreliable.
  • Auditing and reporting on privileged access is complex and time consuming.

Recent breaches exploiting privileged credentials have brought to light the imperative to improve control and accountability over access to shared accounts. So how do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity? Consider these five best practices:

1. Deploy a single, hardened, appliance-based solution with broad platform support and functionality

Ensure your solution provider deploys their privileged password and session management solution (it really should be one) in a single hardened or virtual appliance that features broad support of operating systems, databases, applications, devices and directories. Remember, it’s more than just user passwords. Consider the complexity and risk of managing privileged passwords for service accounts, between applications (A2A), and to databases (A2DB). Everything your solution provider does should be about reducing the interfaces and administration required.

2. Discover and profile to give greater control

Leverage a distributed network discovery engine to scan, identify and profile all users and services – and then automatically bring the systems and accounts under management. Discovering and profiling all known and unknown assets, shared accounts, user accounts, and service accounts, and then placing them under intelligent rules gives greater control.

3. Monitor sessions with full playback

Your solution should record privileged sessions in real time via a proxy session monitoring service for SSH and RDP without revealing the password. DVR-style playback provides detailed auditing of shared account access, helping to meet password protection and audit regulations for compliance mandates listed in SOX, HIPAA, GLBA, PCI DSS, FDCC, FISMA, and others.

4. Make it easy on yourself by using standard desktop tools

Using standard desktop tools such as PuTTY and Microsoft Terminal Services Client ensures you can leverage commonly used management tools without the need for Java.

5. Gain greater insights through reporting and analytics

Look for a single pane of glass to collect, correlate, trend and analyze key metrics. Gaining greater insights – for example information on password age – helps to identify areas that require action.

There a multitude of solutions available to address the need of gaining greater control and accountability over privileged access. BeyondTrust PowerBroker Password Safe automates password and session management, providing secure access control, auditing, alerting and recording for any privileged account – from local or shared administrator to service to application accounts.

By improving the accountability and control over privileged access, IT organizations can reduce security risks and achieve compliance objectives.

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

The Guide to Multicloud Privilege Management

Webcasts

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.