Using a Break Glass Process to Provide Security for Privileged Accounts

Feb 22, 2017
Author:
Derek A. Smith
Founder, National Cybersecurity Education Center

What Does Break Glass Mean?

In computing, “Break Glass” is the act of checking out a system account password to bypass normal access control procedures in a critical emergency. This gives the user immediate access to an account they may not normally be authorized to access. The method is generally used for the highest-level system accounts, such as root accounts on Unix or SYS/SA for a database. These accounts are highly privileged, and break glass limits them by the duration for which the checked-out password is valid, with the aim of controlling and reducing the account’s usage to only when necessary to complete a certain task.

When Do You Use a Break Glass Process?

Break glass is a quick means for extending a person’s access rights in exceptional cases and should only be used when normal processes are insufficient (e.g., the helpdesk or system administrator is unavailable). Examples of situations when “break glass” emergency access might be necessary are account, authentication, and authorization problems. In many companies, some critical tasks exist which—in exceptional cases—must be performed by a person not usually permitted to perform these tasks. For example, a junior physician would be able to perform certain tasks of a senior physician in case of emergency.

The break glass solution is based on pre-staged emergency user accounts, managed and distributed in a way that makes them quickly available without unreasonable administrative delay. The break glass accounts and distribution procedures should be documented and tested as part of implementation and carefully managed to provide timely access when needed.

A best practice would be to place the pre-staged emergency accounts under the responsibility of an individual, such as an Emergency Account Manager, who would be readily available during operating hours and who understands the sensitivity and priority of the emergency accounts. This person would distribute the accounts with a sign-out method requiring the requestor to provide an acceptable form of identification, which is recorded before the accounts are made available.

An Example of a Break Glass Process

A "Break Glass Process" would look something like this:

  1. A user performs a break glass check-out when they need immediate access to an account they are not authorized to manage.
  2. In the break glass check-out process, a notification message is sent to the Emergency Account Manager, informing them that a break glass check-out process occurred. However, they cannot approve or stop the process.
  3. The checked-out break glass account is recorded for audit purposes.

While the emergency account is being used, it must be carefully monitored and audited on a regular basis. Additionally, the system should alert the security administrator when an emergency account is activated. The administrator will make sure the account is properly closed when the work is done and that a new account is established.
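
The check-out flow above can be modeled in a few lines. This is an added example, not code from BeyondTrust or any PAM product; the class and method names, the one-hour window, the sample account, and replacing the password on close (standing in for establishing a new account) are assumptions.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class BreakGlassVault:
    """In-memory model of pre-staged emergency accounts (hypothetical design)."""
    ttl: timedelta = timedelta(hours=1)            # assumed check-out window
    passwords: dict = field(default_factory=dict)  # account -> current password
    active: dict = field(default_factory=dict)     # account -> (user, expires_at)
    audit: list = field(default_factory=list)      # append-only audit trail
    notices: list = field(default_factory=list)    # (recipient, message) pairs

    def stage(self, account):
        self.passwords[account] = secrets.token_urlsafe(24)  # fresh random password

    def _log(self, event, account, user, now):
        self.audit.append({"time": now.isoformat(), "event": event, "account": account, "user": user})

    def check_out(self, account, user, now):
        """Release the password at once; notify and record, never wait for approval."""
        if account in self.active:
            raise RuntimeError(f"{account} is already checked out")
        expires = now + self.ttl
        self.active[account] = (user, expires)
        self._log("checkout", account, user, now)
        # The manager is informed but has no approve/deny step in this flow.
        self.notices.append(("emergency-account-manager", f"{user} checked out {account}"))
        self.notices.append(("security-admin", f"emergency account {account} activated"))
        return self.passwords[account], expires

    def close(self, account, now):
        """End the check-out and replace the credential so the old one is useless."""
        user, _ = self.active.pop(account)
        self.stage(account)
        self._log("closed_and_rotated", account, user, now)

    def sweep(self, now):
        """Close every check-out whose time window has run out."""
        expired = [a for a, (_, exp) in self.active.items() if now >= exp]
        for account in expired:
            self.close(account, now)
        return expired

if __name__ == "__main__":
    vault, t0 = BreakGlassVault(), datetime(2017, 2, 22, 3, 0, tzinfo=timezone.utc)
    vault.stage("root@db01")  # constructed sample account
    vault.check_out("root@db01", "jdoe", t0)
    print(vault.sweep(t0 + timedelta(minutes=61)), vault.audit)
```

Running `sweep` on a schedule is what enforces the time limit here: an emergency credential that nobody explicitly closes is still replaced once its window ends.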

How Should You Manage a Break Glass Account?

The best way to manage a break glass account is to use a privileged access management (PAM) solution. PAM is all about locking “root” or “admin” credentials up in a hardened vault and tightly controlling access to them for increased security. Enterprise password management provides an extra layer of control over privileged administration and password policies, as well as detailed audit trails on privileged access. In addition to controlling the use, distribution, and change of the break glass passwords, PAM solutions can also broker sessions to systems or databases so the privileged user never even sees the passwords or credentials.

Using a break glass solution in your organization is a way to ensure your critical systems are accessible when you need them most.
