Privileged access users have been identified as crucial components at the frontline of data security. However, several high-profile breaches point to a lack of protection and management of these users' access and identities. Organizations need to understand that this is a role that should not be ignored or taken lightly.
Who are the privileged access users? They are not just IT managers or administrators who have access to systems within an organization. They are also third-party vendors, contractors, or consultants. Most often, privileged users are also tools driven by scripts or programs that access databases or applications for sensitive information.
The problem arises when a privileged access user has rights to several accounts within an organization. If an attacker gets in using this user’s credentials, the extent of damage can reach deep into the network.
What dangers do privileged access users pose?
- They hold the key to sensitive information and have easy access to everything in the network, quite possibly the card data environment. If they do not pay particular attention to the use of passwords or IDs, then they make the attacker's job simple. So, the use of sophisticated passwords is important.
- Frequent change of passwords is a mandate. Organizations may not practice this due to practical difficulties. But failure to follow this rule makes the job of a hacker so much easier.
- Privileged access users should never share their passwords. Many groups share usernames/passwords such as admin/1234, making it difficult to track and log activities.
- Poor segmentation allows a privileged user to have access to too much information within a network. This makes that user's account an effortless target for hackers. Once they are in, they can escalate privileges and have easy passage to any area of the network.
- Sometimes privileged users may bypass being monitored or logged. Lack of monitoring or logging gives nothing to go on if an account is compromised.
How do you manage privileged access users?
- Make two-factor or multi-factor authentication a requirement. The risks associated with a breach incident outweigh the cost of imposing this.
- Restrict privileged users to access only during certain times of the day.
- Restrict access to systems based on a user’s login source.
- Understand and practice proper protection of passwords. Multiple users should not share a password.
- A recommended practice is to have a privileged access credentials safe. Keep the credentials encrypted and locked away.
- The best option is to automate the process so that password rules on changes, duration, access, and security are part of the mechanics.
Why monitoring and logging?
Monitoring, logging and alerting provide administrators with an early warning sign of an attempted breach. Response and reaction times are quicker, and parsing logs in the context of other system activities raises a red flag before a breach takes place. If a breach does occur, the logs are used by forensics for their investigation. The log information provides a retailer critical information to help prevent future incidents. As mandated by PCI 3.1, logs need to be maintained on a rolling basis for 365 days.
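The controls listed above (multi-factor authentication, time-of-day limits, login-source limits, no shared accounts) can be checked against centralized login logs to produce the alerts described here. The following is an added example, not code from Omega or any product: the log format, account names, allowed hours and subnet are all constructed assumptions.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed policy values for illustration; take the real ones from your access policy.
ALLOWED_HOURS = (time(7, 0), time(19, 0))        # privileged logins allowed 07:00-19:00
ALLOWED_SOURCES = [ip_network("10.20.0.0/24")]   # e.g. an admin jump-host subnet
SHARED_NAMES = {"admin", "root", "administrator"}

# Constructed sample events: timestamp, account, source IP, MFA used (yes/no)
SAMPLE_LOG = """\
2024-03-04T09:15:00 jsmith-adm 10.20.0.15 yes
2024-03-04T23:40:00 jsmith-adm 10.20.0.15 yes
2024-03-05T10:05:00 vendor-pos 203.0.113.44 yes
2024-03-05T11:30:00 svc-backup 10.20.0.22 no
2024-03-05T12:00:00 admin 10.20.0.15 yes
2024-03-05T12:10:00 not-a-valid-line
"""

def check_event(line):
    """Return the list of policy violations for one privileged login line."""
    parts = line.split()
    if len(parts) != 4:
        return ["unparseable"]  # surface malformed records instead of dropping them
    stamp, account, source, mfa = parts
    try:
        when, addr = datetime.fromisoformat(stamp), ip_address(source)
    except ValueError:
        return ["unparseable"]
    findings = []
    if mfa != "yes":
        findings.append("no-mfa")
    if not ALLOWED_HOURS[0] <= when.time() < ALLOWED_HOURS[1]:
        findings.append("outside-hours")
    if not any(addr in net for net in ALLOWED_SOURCES):
        findings.append("unapproved-source")
    if account.lower() in SHARED_NAMES:
        findings.append("shared-account")
    return findings

def audit(log_text):
    """Map each offending log line to its findings; compliant lines are omitted."""
    results = ((ln, check_event(ln)) for ln in log_text.splitlines() if ln.strip())
    return {ln: found for ln, found in results if found}

if __name__ == "__main__":
    for line, findings in audit(SAMPLE_LOG).items():
        print(", ".join(findings), "<-", line)
```

Malformed lines are reported rather than skipped, so a privileged login that bypasses normal logging formats still shows up in the review.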
Omega does it right
Monitoring, logging, alerting, two-factor authentication, password management, patch updates, remediation, and policies and procedures documentation for PCI compliance are all critical areas Omega covers to help a retailer stay secure and compliant. All activity and event logs are centralized and automated. Unusual and suspicious behaviors are alerted on and addressed immediately. Through the internal scanning capabilities using the Omega Appliance, and other security measures offered through our solutions, almost all compliance requirements are addressed by Omega.
What do you get out of using Omega?
The certainty and peace of mind that you have the best data security solutions and services a managed security service provider (MSSP) can offer. Combined with the expertise of Systems Engineers and Security Strategists, the chances of a breach at your stores are minimized considerably. A retailer will get through Qualified Security Assessor audits faster and successfully. Moreover, the years of experience working with retail data security, affiliation with POS vendors, PCI Council, and other organizations keep Omega on the cutting edge of technology, processes, delivery, security, and continuous compliance.
Reach out to us at 636-557-7777 or email Security@OmegaSecure.com.