BeyondTrust

Are you a cybersecurity recycler?

In the last few decades, we’ve learned some very hard lessons about recycling. Having “disposable” everything is not good for the environment, economy, or posterity. We all need to learn how to correctly recycle, reuse, repurpose, and dispose of material items.

The critical word in the previous paragraph is “material”. Some nonmaterial items should never be recycled, especially when dealing with cybersecurity. For instance, if you recycle passwords and accounts, you are potentially a “security recycler” and it could lead to unnecessary risks and unforeseen threats

Password Cycling versus Recycling

If you think that the term “cybersecurity recycler” is a manufactured catchphrase, you are partially correct. Nonetheless, nonmaterial items like passwords do have a cost to recycle.

While password cycling, a synonym for password rotation, is an IT security best practice for privileged credentials when it is executed with unique passwords; password recycling—the re-use of credentials—introduces a quantifiable risk and is a security taboo.

Choosing unique, never used before passwords provides far superior security, and only has a cost associated with the time, tools, and processes to actually change them. There is nothing material disposable—even if you use one time passwords (OTPs). Passwords (and accounts, for that matter) should be unique each time they are rotated/changed.

So, why am I making this the focal point of a blog? In the realm of information technology and cybersecurity, we recycle all the time. We recycle hardware, software licenses, as well as often overlooked items, like data storage and basic disk space. This recycling is all done in the name of efficiency and cost-effectiveness. Other items, as we have just covered, should never be recycled.

However, the practical problem most organizations face is how to avoid recycling passwords and accounts, and to keep them unique each time they are changed.

Eliminate Password Recycling & Enforce Password Security Best Practices

This is where BeyondTrust Password Safe comes in. The technology is designed to manage accounts and passwords and place your most precious ones—privileged accounts—under management. This means that an account’s name, password, and usage is all governed by an automated, immensely scalable solution and can be checked in / checked out and documented for usage with every session. In addition, the passwords can be automatically rotated such that password recycling never occurs and every system, account, and resource has a unique password. This protects against password re-use attacks, impedes lateral movement, and dramatically condenses your organization’s threat surface.

Finally, Password Safe has session management tools to record RDP and SSH sessions interactively when these accounts are used. This capability allows you to determine whether or not the account and passwords were used appropriately, providing a measurable benefit for meeting auditing and compliance standards.

The concepts of recycling in the material world help improve sustainability across our planet. Recycling of security technology can be cost-effective so long as we can ensure that the threats from previous usage are mitigated. Password and account recycling, however, should never occur and BeyondTrust can help ensure you do not succumb to the dark side of cybersecurity recycling practices.

Learn more about BeyondTrust Password Safe.

Morey J. Haber

Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In: