Don’t risk it: security success starts with controlling privileged access

November 27, 2020
Better visibility into privileged accounts may have stopped last summer’s Twitter breach. Today’s columnist, David Higgins of CyberArk, offers some insight on how breaches are caused when security teams overlook privileged accounts. (Credit: CC BY-NC-SA 2.0)
  • Built-in account access. Often referred to as system accounts, they are used to invoke a certain level of privileged access – typically full administrative capabilities – to a system or application. They deliver powerful levels of privileged access, and they are built into everything, can’t be removed and are required to administer an organization’s infrastructure and technology. Many times, these accounts are hard-coded with passwords that are difficult to change – making them an incredibly attractive target for attackers.
  • Technical and operational privileged access. This refers to the access that employees and teams need to do their jobs. Whether it’s a developer, a server administrator or a business user accessing SAP, each requires high-privileged access to a critical system to carry out their functions. Companies also give this level of privileged access to partners and supply chain vendors to interconnect systems for greater productivity.
  • Automation and application access. Machines and applications represent the fastest growing area of privileged access. As organizations push for greater automation of processes and human tasks, the volume of applications running business processes, like RPA, have dramatically increased. These systems and applications should access information and communicate with each other to work together and requires privileged access. 
prestitial ad