Privileged Account Management

Governance around Privileged Account Management

In today's day and age, privileged accounts (read: accounts that can really create havoc) have become a nightmare to manage. While automation using tools like CyberArk, Arcos etc. is required, it may not be sufficient. So how do you really provide governance around such accounts?
Firstly, we need to understand that there are different types of privileged accounts.

Privileged Accounts: Auditors have connected the dots...

Very recently, one of the Big 4 accounting firms cited its client with a SOX Significant Deficiency in controls due to excessive use of Privileged Accounts.  I can't say that this is the first time, but the implications are tremendous.  Historically, financial auditors have been uneasy with the relationship between infrastructure security and the integrity of financial applications and data.  They also need to be a bit courageous with their clients, as they have likely not made an issue of this in the past.
A Significant Deficiency in control is defined as: A deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of a registrant's financial reporting.  That is to say, the deficiency(ies) could have an adverse impact on the ability of a company to record, process, summarize and report financial information.

Admin Privilege: To give or not to give

"Blessed are those who have privileges", Alice muttered while raising several tickets and requests for change (RFCs). She and her team of 10 members had just started working on a new project and wanted to install several pieces of software, configure them, make some changes in the registry, set environment variables etc. This meant a mammoth task of obtaining several approvals and maybe following up with her company's already overburdened IT support team.
To maintain security and comply with regulatory and compliance requirements, her company followed the principle of least privilege (POLP) and provided a locked-down environment to its employees.
Alice knew she could save time and effort if her team could just get administrative privilege. She raised a request to get the same.
