Open door policies – Problems with how privileged credentials are managed

November 28, 2017 // Ellen Neveux

Last Updated: November 18, 2020

A new survey takes a look at how IT professionals are managing privileged credentials and identity access. How does your network access management compare?

Privileged accounts are used to identify users with high-level network access. The login credentials of your administrators are an attractive target for bad actors. Too often, login credentials are shared among users like third-party vendors who need access to work in your ecosystem. Unfortunately, some privileged account practices amount to an open door policy.

A new survey of IT professionals suggests failure to manage privileged accounts gives hackers a ticket to ride around the globe. Conducted by Dimensional Research, the survey includes feedback from more than 900 national and international IT professionals with jobs that involve major responsibility for the security of their company or enterprise network. The survey covers a wide range of industries including tech, financial services, government, healthcare, manufacturing, education, retail, utilities, and more.

Not surprisingly, privileged access to critical network infrastructure is not as tightly monitored as it should be, given the legal and regulatory vulnerability of any company that suffers data loss or a malware attack. Just some of the takeaways from the survey include:

  • Managing privileged accounts: Just over half of respondents use a digital password vault to secure login credentials on administrator accounts. In decreasing order, other forms of access management include software, internally built or coded tools, Excel or other spreadsheets, or paper tracking (like a logbook). Three percent of respondents use no tools to manage privileged access to their network.
  • Monitoring access: Approximately 43% of respondents log or monitor all privileged access to their network. Another 52% monitor some—but not all—network access and just five percent do not monitor or log use of privileged accounts at all.
  • What about over-privileged users? Many companies give contractors, partners, and consultants more access than needed to their network. In the survey, 43% of IT professionals indicate they locate these accounts through regular audits, while 34% find problem accounts only when looking for them. Another 14% use tools that routinely and consistently evaluate appropriate use. The rest either do not use tools, or do not screen for over-privileged credentials.
  • Passwords: Only about 14% change login credentials with each use, while 53% change passwords every 30 to 60 days. The remainder change passwords infrequently, never, or only when a possible security event arises.

No business can afford to ignore who is accessing its network, and why. When you share privileged credentials with third-party vendors, you increase the risk of a breach or compromised data. A standardized remote access platform can mitigate these risks. When you need a secure solution, contact us at SecureLink. We can help.

About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink Enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy and efficient, ensures compliance, and reduces liability when supporting customers.
