As companies grow, the job of monitoring account activity becomes tougher. To establish and maintain compliance and security, you need to plan a robust privileged account management (PAM) policy. Creating accountability in the age of diverse infrastructures, contract staff members, and outsourced cloud application services is one of the top concerns for IT managers.

Privileged accounts are those accounts with more access to add, change, delete and otherwise alter data and configurations within the infrastructure’s critical systems. These accounts are typically held by members of the IT staff, the very people who have the ability to monitor what everyone else in the company is doing. The IT staff may also have the expertise to alter the logs in order to cover a covert attack attempt, which is why privileged account management is extremely important in today’s environments.

When developing a PAM program, your enterprise needs to start out slow. Be methodical in determining what needs to be monitored and what compliance regulations need to be followed. Inventory all privileged accounts, passwords and access. Document any service accounts or shared accounts and understand what each is used for and who has access to it. To make life easier, establish a strict naming convention for all accounts so that the type of each account is easy to determine. Your program also needs to identify any accounts with too many credentials, and accounts used across a wide range of systems. Also make sure individual user accounts are audited regularly to ensure people are not operating with more privileges than their job description calls for.

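
The inventory checks described above can be automated once the account list is exported. The following is an added example, not part of the original post: the naming prefixes, the role baseline, the three-system threshold and the inventory records are all assumptions constructed for illustration.

```python
import re

# Assumed naming convention: the prefix encodes the account type.
NAMING = {
    "admin": re.compile(r"^adm-[a-z]+\.[a-z]+$"),
    "service": re.compile(r"^svc-[a-z0-9-]+$"),
    "shared": re.compile(r"^shr-[a-z0-9-]+$"),
}
# Assumed privilege baseline per job role.
ROLE_BASELINE = {"dba": {"db-admin"}, "sysadmin": {"local-admin", "sudo"}}
MAX_SYSTEMS = 3  # assumed cut-off for "a wide range of systems"

def acct(name, kind, owner, purpose, role, privs, systems):
    return dict(name=name, type=kind, owner=owner, purpose=purpose,
                job_role=role, privileges=set(privs), systems=set(systems))

# Constructed inventory records (not real accounts).
INVENTORY = [
    acct("adm-j.doe", "admin", "j.doe", "DB administration", "dba",
         ["db-admin"], ["db01"]),
    acct("backup", "service", "", "", None,
         ["local-admin"], ["db01", "web01", "web02", "fs01"]),
    acct("adm-a.lee", "admin", "a.lee", "Server administration", "sysadmin",
         ["local-admin", "sudo", "db-admin"], ["web01", "web02"]),
    acct("svc-backup", "service", "ops-team", "Nightly backup", None,
         ["backup-operator"], ["fs01"]),
]

def audit(inventory):
    """Return (account, finding) pairs for each check the account fails."""
    findings = []
    for a in inventory:
        pattern = NAMING.get(a["type"])
        if pattern is None or not pattern.match(a["name"]):
            findings.append((a["name"], "naming-convention"))
        # Service and shared accounts need a documented owner and purpose.
        if a["type"] in ("service", "shared") and not (a["owner"] and a["purpose"]):
            findings.append((a["name"], "undocumented"))
        if len(a["systems"]) > MAX_SYSTEMS:
            findings.append((a["name"], "wide-reuse"))
        # Personal admin accounts: privileges beyond the job role's baseline.
        if a["type"] == "admin":
            excess = a["privileges"] - ROLE_BASELINE.get(a["job_role"], set())
            if excess:
                findings.append((a["name"], "excess-privilege:" + ",".join(sorted(excess))))
    return findings

if __name__ == "__main__":
    for name, finding in audit(INVENTORY):
        print(f"{name}: {finding}")
```
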
Some key requirements for auditing and logging privileged account activity include capturing and collecting all user access, both externally and internally initiated sessions. Encrypt your audit data both in transit and at rest.

Make sure that your audit logs support replay and search options. You may need to develop queries of your logs during an investigation, so ensure that these are easy to conduct.

Set up your auditing so that only trusted devices can send information to the auditing system.

Configure all users who have access to the system with role-based access control. Never apply access directly to a person without assigning a particular role.

The best way to manage privileged accounts is to use a real-time auditing system that is capable of logging account activity from all platforms, including Windows, Linux and UNIX. Audits should not only include the user account but also the date, time and any commands executed. You need to protect your organization’s sensitive and critical data, so you must have a reliable and detailed auditing system within your infrastructure. This will help with investigations and legal cases involving data loss and theft.