Traditionally, privileged access management focused on just securing the credential or just securing the account – not both. With security breaches seemingly happening every day, there’s a shift that we want organizations to understand: in order to safeguard your critical systems and data against a breach, you need to control the access to the systems as well as the access to the accounts.
Step five in Bomgar’s unique Six Steps to Secure Access brings us to one of the most interesting areas of privileged access management – the securing of service accounts, or, what we like to think of as the management of business system up-time.
More often than not, we find that these systems might have the same service account credential for years. In fact, we recently visited a client that had some critical business systems that depended on taking credit cards and reservations, that are also crucial for their business. When we ran our credential discovery on those systems, we were shocked (and we think they were shocked too), to find credentials with passwords that were almost nine and a half years old. Now, these systems were so sensitive and critical for business that the IT ops team hadn't dared change them because if they changed them and those systems went down, there was a real risk of someone in IT being terminated. So, it's understandable (in some ways) why credentials such as these don’t get changed. However, the threat actors love it if they don’t get changed because that’s a credential that they can compromise, then sit on, and they can use with very little fear that they’re going to lose access to it.
So, as part of a robust, secure access strategy, we always recommend including mechanisms and technology to help you secure those service accounts. Check out this free on-demand webinar that shares more details on our six step methodology to help you build a successful defense-in-depth strategy for protecting your organization against today’s cyber threats.
Chris Herrin
Technical Product Manager
