In computing “Break Glass” is the act of checking out a system account password to bypass normal access controls procedures for a critical emergency. This provides the user immediate access to an account that they may not normally be authorized to access. This method is generally used for highest level system accounts such as root accounts for Unix or SYS/SA for a database. These accounts are highly privileged and break glass limits them by the password time duration, with the aim of controlling and reducing the account’s usage to that which is absolutely necessary to complete a certain task.
Want to learn more? Check out my on-demand webinar "Break Glass Theory: Designing a Break Glass Process to Provide Security for Privileged Accounts" View Webinar
Break glass is a quick means for extending a person’s access rights in exceptional cases and should only be used when normal processes are insufficient (e.g. the helpdesk or system administrator is unavailable). Examples of a situations when “break glass” emergency access might be necessary are account, authentication, and authorization problems. In many companies some critical tasks exist which – in exceptional cases – must be performed by a person not usually permitted to perform these tasks. For example, a junior physician would be able to perform certain tasks of a senior physician in case of emergency.
The break glass solution is based on pre–staged emergency user accounts, managed and distributed in a way that can make them quickly available without unreasonable administrative delay. The break glass accounts and distribution procedures should be documented and tested as part of implementation and carefully managed to provide timely access when needed.
A best–practice would place the pre–staged emergency accounts under the responsibility of an individual, such as an Emergency Account Manager, who would be readily available during operating hours and who understands the sensitivity and priority of the emergency accounts. This person would distribute the accounts with a sign–out method requiring that an acceptable form of identification be provided by the requestor and recorded before the accounts are made available.
A "Break Glass Process" would look something like this:
- A user performs a break glass checkout when they need immediate access to an account that they are not authorized to manage.
- In the break glass check out process, a notification message is sent to the Emergency Account Manager, informing her that a break glass check-out process occurred, however, she cannot approve nor stop the process.
- The checked out break glass account is recorded for audit purposes.
While the emergency account is being used it must be carefully monitored, and audited on a regular basis. Additionally, the system should alert the security administrator when an emergency account is activated. The administrator will make sure the account properly closes when done and a new account established.
The best way to manage a break glass account is through the use of a privileged access management (PAM) solution. PAM is all about locking “root” or “admin” credentials up in a hardened vault and tightly controlling access to them for increased security. Enterprise password management provides an extra layer of control over privileged administration and password policies, as well as detailed audit trails on privileged access. In addition to controlling the use, distribution and change of the break glass passwords, PAM solutions can also broker sessions to systems or databases so that the privileged user never even sees the passwords or credentials.
Using a break glass solution in your organization is a way to ensure that your critical systems are accessible when you need them most.
Want to learn more? Check out my on-demand webinar "Break Glass Theory: Designing a Break Glass Process to Provide Security for Privileged Accounts"