Awareness of the need for privileged identity management (or privileged account management or shared account management, if you prefer) has grown significantly in recent years. No doubt adoption of these products has been spurred by major regulatory compliance mandates and the spate of data breaches that have filled IT news sites over the past couple years.
To gain a better understanding of what IT shops are doing to get a grip on their powerful privileged accounts, we polled attendees of the recent Microsoft TechEd 2013 Conference.
We asked – “What has your organization done to try and manage privileged accounts?”
a) Look the other way and hope for the best – 16.2%
b) Use scripts and other ad-hoc processes to at least try and change privileged passwords – 40.5%
c) Store privileged passwords on spreadsheets shared amongst the entire IT staff and try to keep it up to date – 21.6%
d) Use a privileged identity management product – 21.6%
So what did we learn? The largest segment of respondents are still using manual processes to try and keep up with their privileged accounts – even though such methods can’t find and track every account in today’s large and dynamic enterprises.
But at least those who completely ignore the problem are the smallest segment of the group. Then again, if you consider that roughly 1 out of 6 IT professionals admit that they pay no attention to the management and security of their privileged accounts, all of the high profile data breaches we keep hearing about make more sense.