In the previous post, we highlighted the casual manner in which privileged passwords are shared among various work groups in enterprises.

Let us now analyze the security threats and drawbacks associated with the ‘casual sharing approach’ in detail:

  1. Anonymity in access: Every single privileged account is accessed by multiple administrators, who, in effect, enter privileged mode anonymously. At the end of the day, all you will know is that someone has logged in as ‘Administrator’. But who is that ‘someone’? This naturally leads to disorder in the enterprise, especially when a large number of administrators share the same account.

  2. Internal controls become fragile: Organizations might have secured their external face against attacks, but a still bigger attack might just be waiting to happen from within.

  3. Lack of accountability: Mistakes, accidental or intentional, can never be traced to individuals. Enterprises virtually lack accountability for actions.

  4. Threat to data security: If the text file or spreadsheet containing the shared administrative passwords reaches the hands of a malicious user, data security and business reputation would be thrown to the winds.

  5. Lack of access controls: When passwords are not kept secret and are revealed to others, the very purpose of having an authentication mechanism to grant access to resources is defeated.

  6. Resource lockouts: Passwords of resources are often changed by one administrator without the knowledge of the other administrators. Without close cooperation among administrators, day-to-day operations become messy, and resource lockout events could become common.

  7. Threat to information security when admins leave the organization: Given the complex nature of the sharing, it is cumbersome to find out who has access to which resources. When someone leaves the organization, changing all the privileged passwords of the enterprise is the only way to rule out any future access or intrusion by that person. In the worst case, if an administrator leaves without revealing a privileged password that he changed, the device/application might remain locked out for a prolonged period.

  8. Password resets – cumbersome procedure: Manually changing the passwords of thousands of resources would demand ‘man-years’ to complete the task.

  9. Problems in ensuring compliance with regulations: Government regulations, compliance policies and industry best practices mandate strict access controls, clear-cut role definitions, frequent password rotation and comprehensive audit trails on ‘who’ accessed ‘what’ resources and ‘when’. The traditional approach has no provision for any of this.
The security and operational problems caused by shared administrative passwords are obvious; yet no organization can afford to eliminate shared administrative passwords altogether. They have to be used, but without compromising security.

How to overcome these security threats and drawbacks?

Let us discuss that in the next post …

Bala
ManageEngine Password Manager Pro
