News Categories
20Indeed Certificate Manager 27Releases 9certificate management 7PKI 10PKI management 9Indeed Access Manager 7access management 5authentication 2MFA 3multi-factor authentication 20Indeed Privileged Access Manager 12PAM 11privileged access management 7Release notes 3Indeed ESSO 11News 1#AccessManagement 1#IdentityManagement 2IAM 19Indeed CM 6Press release 1CA 1CertificateAuthority 1CertificateManagement 2CMS 2cryptovision 2Smart cards 2smartcardmanagement 4#RISK2019 43Events 7Uncategorized 3#mindshare 19Indeed PAM 4webinar 8Video 7Indeed AM 10partnership 20events 12Release 1BlackHatEurope2019 1Coronavirus 1COVID-19 3video 2Indeed Identity News 10news 1Corporate Systems 1All News 7Interviews 3interview 23Company news 1use case 3BusinessBreakfast 1AnalyticalReport 1IndeedPAM 1KuppingerCole 1Cryptonite 1Trustech 2IDCsummit 3it-sa 1conference 1GISEC 1IDC 1SITAfrica 1compliance 3Axidian Privilege 1all news 1Axidian CertiFlow 8Axidian Shield 6Identity Security 6ITDR 3GITEX 3BlackHatMiddleEast 1CyberX 2Zero Trust
News
Password management for privileged users is the best practice
Posted by anna.vlasenko on 29 April 2019 03:36 PM

Almost all of business critical data is stored in various information systems of a company. Business scaling leads to a need to delegate administrative responsibilities to subordinates completely or partially, or extend the privileges of top management employees. 

Therefore the heads of departments that use privileged accounts get access to additional confidential data. It is often the case that the access is granted without using a reliable system of controlling the privileged users. To increase informational security, the privileged users should use passwords unavailable to intruders. We all know that not every employee does so.

Informational security managers know that most of the employees ignore the rule of thumb for logical access to informational systems. This rule might be stated as “responsible and rational use of passwords”. However, as a rule, people do not use complex passwords complying to security policy. Moreover, they store their password in an unprotected, sometimes even in a publicly available place. Irresponsible attitude to password authentication method leads to unauthorized access to and illegal use of commercial information. No wonder that

“81% of breaches use either stolen or non-secure passwords”.

(As per Verizon Data Breach Investigations Report dated 2017, July 26th).

Therefore, the task of protecting the company information resources is of the highest priority.  There are several methods to prevent unauthorized access to corporate data. One of those is to use software password manager or free password storage system. However, insufficient functionality of such software does not allow for required result:

  • Still, a single-factor authentication is performed;
  • Passwords are still stored in a place with little to no protection;
  • Passwords are changed irregularly;
  • A password usually does not conform to security policies;
  • No strict personalization of all administrative accounts is present.

Also, such software might lack the automation of controlling the access to information system, as well as short term storage of data on what exactly has been done during privileged session and by whom. The said limitations make the work of information security service more complicated.

Only systematic approach to password management allows to solve these and other tasks related to privileged user management. Solutions of Indeed Privileged Access Manager are able to provide for such complex approach. The Indeed PAM supports the following features:

  • granular granting of permissions;
  • regular change of administrative passwords and keeping those in secret from user;
  • several types of account data and access protocols;
  • video and text recording of privileged sessions, as well as storage of records;
  • two-factor authentication before granting of privileged access;
  • keeping the register of privileged users;
  • an opportunity to terminate a privileged session by system administrator in case of revealed violations.

For more information about Indeed Privileged Access Manager and its features please visit our website.

visit our site

The post Password management for privileged users is the best practice appeared first on Indeed-ID Blog.
Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments: