The Essentials Series: Managing Access to Privileged Accounts

by Ed Tittel


Managing access to privileged accounts is a hot-button issue for all organizations, especially those subject to compliance or due-diligence information security requirements. Learning how to properly manage privileged access to corporate resources mitigates a major source of potential risk and exposure. In The Essentials Series: Managing Access to Privileged Accounts, author and industry veteran Ed Tittel discusses the basic vocabulary and issues involved in managing privileged access to corporate networks and information systems. He reveals the key elements required for regulatory compliance for several industries including finance, health services, government, and more, as well as a set of best practices for bringing privileged account and session usage to heel.


Article 1: Understanding Account Access Management

The issues that surround privileged accounts have to do with tracking and monitoring system activities, and with setup and configuration that assign individual responsibility. Privileged account access must be carefully managed, properly tracked and audited, and conflicts avoided, particularly when multiple administrators share common privileged accounts. Likewise, it’s essential to manage access to systems and infrastructure elements so that authorized users can see and touch only those elements that are relevant to their job responsibilities. In addition, users should be made keenly aware that they will be held accountable for all activities and changes, which will be recorded and archived.

Article 2: Privileged Password Management Systems

Privileged accounts must be used to set up and configure information systems and network infrastructure elements, manage related access controls, handle updates and security fixes, and protect and manage mission-critical applications and data. Privileged account management enables companies and organizations to track exactly who did what and when, and what kinds of accesses and changes were made. Privileged account management not only supports audit and regulatory compliance requirements but also enforces individual accountability and responsible behavior.

Article 3: Privileged Session Controls

Privileged sessions enable users outside an organization’s network periphery to obtain privileged access to information systems and network infrastructure elements. Establishing control over such sessions is essential to maintaining proper information security and for compliance with established mandates, regulations, and best industry practices. Privileged session controls not only ensure that authorized individuals can access only those resources and infrastructure elements that their duties require but also log activity and system interaction so that everything done while a privileged session is active can be tracked.