Essentially, the challenge for IT is having a good source of privileged account information that is continuously up to date, and combining that information with domain-specific knowledge about where privileged accounts are used. That’s difficult to do manually at scale.
Large organizations typically have thousands of privileged accounts, which are often left unmanaged. Rogue insiders, former employees, criminal hackers and sophisticated state-sponsored attackers can exploit these unmanaged privileged accounts to anonymously access and extract an organization’s most critical data.
To gain a better understanding of what IT shops are doing to get a grip on their powerful privileged accounts, we polled attendees of the recent Microsoft TechEd 2013 Conference. We asked: “What has your organization done to try and manage privileged accounts?”
If you’re not already familiar with the issue of built-in passwords, you need to be. Many hardware devices come pre-configured with default credentials that might never get changed – and are publicly known.
A recent post on Slashdot referenced our password security survey, which found that out of 300 IT professionals surveyed, 26 percent admitted to using their privileged login rights to look at confidential information they should not have had access to in the first place.
A recent New York Times article, “A Strong Password Isn’t the Strongest Security,” offers a great assessment of the complacency of many IT security professionals. The assertion that password strength is not as important as protecting passwords against interception has some real validity. However, user logins are just one aspect…