Article
Seven Types of Privileged Accounts That Require Strong Security
In our last post, we explained the difference between privileged identity management (PIM) and privileged access management (PAM). PIM involves the identification of administrative accounts, which already exist on systems, and the association of individual users with those accounts. PAM secures privileged credentials and ensures they are used in accordance with established policy. We also defined the term “privileged,” which means that the holder of the credentials (human or machine) has the ability to take administrator-level action on a system.
Clango’s team of consultants and engineers can help identify gaps in your PIM policies and processes and prioritize your threat mitigation activities. When you’re ready to implement PAM, we can help you deploy CyberArk’s Core Privileged Access Security solution, including the Enterprise Password Vault, Privileged Session Manager, and Privileged Threat Analytics. We can also help you take advantage of Application Identity Manager to eliminate embedded credentials in software.
To lay the groundwork, let’s define the seven types of privileged accounts that are present in most environments:
- Domain administrator accounts give administrators virtually unfettered access to all resources on a network — domain controllers, servers, and workstations. This is the holy grail for hackers and therefore requires the highest levels of security.
- Emergency access accounts prevent administrators from being totally locked out of a system. These highly privileged accounts are not assigned to specific individuals and are only meant to be used when absolutely necessary.
- System accounts are created by operating systems when they are installed and allow a user to add users, change permissions, install software, and more. The “root” account in Unix or Linux is an example of a system account.
- Service accounts are used by applications and services, rather than human administrators, to run various processes and scheduled tasks. You can establish controls over the resources a service account is allowed to access.
- Application accounts enable applications to run cron jobs or scripts and to access databases and other applications. The credentials for application accounts are often embedded in the software in plain text.
- Local administrator accounts give administrator-level access to a local machine. They are used by IT staff to set up new workstations and perform maintenance. Individual users may also be given administrator privileges on their workstations.
- Privileged user accounts are any other type of account that gives a user privileges greater than a standard account.
Few organizations are aware of all the privileged accounts across their environment, so a critical first step in developing a PIM strategy is to identify them. A great way to do that is to run a CyberArk Discovery & Audit (DNA) scan. CyberArk DNA locates privileged credentials and provides executive and technical reports on potential risks.
The organizations we work with are often surprised at the number and variety of privileged accounts in their on-premises, DevOps, and cloud environments. Don’t be caught off guard. Let us help you secure these accounts and reduce the risk of a potentially devastating security breach.
For more information about PIM and CyberArk Discovery & Audit (DNA), please send us an email at (info@clango.com).
Comments Closed.
- January 2021
- October 2019
- September 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- March 2018
- February 2018
- January 2018
- December 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- July 2016
- October 2015
- August 2015
- June 2015
- February 2015
- September 2014
- July 2014