Break Glass Theory: Designing a Break Glass Process to Provide Security for Privileged Accounts
Break Glass, within computing, is a term used to describe the act of checking out a system account password for use by a human user. Using break glass, the access controls in an application can be bypassed for a critical emergency. A user performs a break glass check out when they need immediate access to an account that they are not authorized to manage. This method is normally used for highest level system accounts such as root accounts for Unix or SYS/SA for a database. These accounts are highly privileged and not usually assigned to a specific human, so instead break-glass limits them by the password time duration, with the aim of controlling and reducing the account’s usage to that which is absolutely necessary to complete a certain task. This presentation will provide information and guidance that will allow decision makers and implementers to successfully utilize the break glass solution in their environments as an effective emergency-access solution.
In this on-demand webinar, join Cyber Security Expert, Derek A. Smith who will cover the following areas.
- Access Control Model general overview
- Break Glass Defined
- Examples of situations when ‘break glass’ emergency access might be necessary
- The Break Glass Solution
a. Pre-staging Accounts
b. Distributing Accounts
- Monitoring Use of Break Glass Accounts
- Maintenance After Break Glass Account Usage
- Break Glass Policy
- Privileged access management (PAM): Using PAM tools to protect shared accounts, superuser accounts, and all privileged user or application service accounts.