Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

11/9/2015
02:20 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Dell Survey Shows Haphazard Privileged Account Management Practices Expose Businesses to Serious Risk

76 percent of global survey respondents believe better control of privileged accounts would reduce the likelihood of a security breach

ROUND ROCK, Texas--(BUSINESS WIRE)--Quest today announced the results of a global security survey that reveals organizations have haphazard processes for managing administrative or other privileged accounts, making businesses vulnerable to security breaches. Responses from IT security professionals around the world reveal that 76 percent believe better control of privileged accounts would reduce the likelihood of a breach. Nearly 80 percent of respondents have a defined process for managing privileged accounts, but are not diligent about following it. In fact, almost 30 percent say they still use manual processes such as Excel or other spreadsheets to manage privileged accounts. Not only are these manual processes prone to error and easily compromised, they impede quick resolution in time-critical situations.

Eighty-three percent of survey respondents face many challenges with managing privileged accounts and administrative passwords, ranking the following as the top three most critical privileged account management (PAM) challenges facing their organizations:

1.    Default admin passwords on hardware and software are not consistently changed (37 percent)

2.    Multiple admins share a common set of credentials (37 percent)

3.    Inability to consistently identify individuals responsible for administrator activities (31 percent)

Although more than 75 percent say they have a defined process for changing the default admin password on hardware and software as new resources are brought into the organization, only 26 percent said they change admin passwords monthly on mission critical systems and devices

Lack of well-defined password and reporting practices present challenges

Survey respondents identified delegation (the ability to implement a least-privileged model of admin activity, in which admins are given only sufficient rights to do their job) and password vaulting (the ability to automate storage, issuance and changing of administrative credentials) as the administrative or privileged account management practices most critical to their organizations. However, less than half say they have a regular cadence of recording, logging or monitoring administrative or other privileged access. The lack of a standard, enforced approach, coupled with a multitude of software tools and manual processes for managing privileged accounts, makes the business susceptible to hackers, and exposes corporate data to possible breach.

Prevention of both breaches and insider attacks has become a major driver for the adoption of PAM solutions. According to a recent Gartner “Market Guide for Privileged Access Management” report, “adoption of PAM products by organizations is often partial, leaving gaps that translate to risk.” It notes that “prevention of both breaches and insider attacks has become a major driver for the adoption of privileged access management (PAM) solutions, in addition to compliance and operational efficiency. And by 2017, more stringent regulations around control of privileged access will lead to a rise of 40% in fines and penalties imposed by regulatory bodies on organizations with deficient PAM controls that have been breached.”1

Dell offers best practices for securing privileged accounts and alleviating risk to the business

A successful privileged account management strategy should take an integrated approach to addressing PAM challenges. Dell offers the following best practices for implementing an automated, controlled approach to privileged access management that secures the business today and alleviates risk:

1.    Take an inventory of the organization’s privileged accounts, including users, and the systems that use them.

2.    Ensure that privileged passwords are stored securely, and enforce strict requirements for access request and change management processes for privileged passwords.

3.    Whenever possible, ensure individual accountability and least-privileged access.

4.    Log and/or monitor all privileged access.

5.    Audit use of privileged access on a regular basis.

Supporting Quote:

John Milburn, executive director and general manager, Identity and Access Management, Dell Security
“Privileged accounts really are the ‘keys to the kingdom,’ which is why hackers seek them out and why we’ve seen so many high-profile breaches over the past few years use these critical credentials. To alleviate this risk and ensure these accounts are controlled and secured, it’s absolutely crucial for organizations to have a secure, auditable process to protect them. A good privileged account management strategy includes a password safe, as well as least-privileged control to protect organizational assets from breaches. Dell Security solutions cover the entire range of customer needs, including privilege safe, delegation/least-privileged access, and audit and monitoring, along with significant, integrated adjacent technologies for Active Directory bridge and multifactor authentication.”

About the Survey:

The Dell-commissioned survey by Dimensional Research captured hard data about experiences with and attitudes towards managing privileged accounts and administrative access across the business. The survey of more than 560 IT technology professionals responsible for security was conducted across the United States, United Kingdom, Germany, Australia and New Zealand.

Supporting Resources:

·         On Demand Webcast: Inconsistent Privileged Account Management Practices Expose Business to Risk

·         Twitter: http://www.twitter.com/dellsecurity

·         Facebook: http://www.facebook.com/dellsecurity

·         LinkedIn: https://www.linkedin.com/groups/52461

·         Dell Software YouTube: www.youtube.com/user/DellSoftwareVideo

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This gives a new meaning to blind leading the blind.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21441
PUBLISHED: 2021-06-16
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS A...
CVE-2020-9493
PUBLISHED: 2021-06-16
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
CVE-2021-28815
PUBLISHED: 2021-06-16
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link vers...
CVE-2021-3535
PUBLISHED: 2021-06-16
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. ...
CVE-2021-32685
PUBLISHED: 2021-06-16
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-5...