
*By Gerson Lemos

Companies have several systems and applications, and these need to be managed constantly. Some accounts and users require specific administrative privileges or access, and are used by responsible and restricted personnel. They are often used by developers, system administrators, programmers, etc.

Some examples are:

  • privileged accounts;
  • service accounts;
  • administrative accounts.

Importance of these accounts/users for corporations

Companies use these accounts/users to perform the administration and maintenance of their environments and systems. It is extremely important that the credentials of these accounts are protected, to prevent them from being targets of attacks and malicious access, thus compromising the security of the company's data and information. Unfortunately, in many corporations, it is common for users to share their access credentials, but this action is not in line with security principles and good practices, as it presents a very high risk for the company. individually created access credential.

Some methods for more efficient management and protection

For the creation and maintenance of these accounts, we must follow some very important methods:

– Require from the applicant a detailed justification for access;

– Name an owner responsible for the account, usually an area manager or designated user;

– Request analysis and approvals from those responsible for the requested application/system;

– Assess with the Information Security team what the risk is when granting this access, and request the appropriate approval and risk assessment.

Periodically, it is necessary to request the password change of these accounts, to avoid possible malicious attacks or unauthorized access.

Auditing is a method that guides companies to follow the norms and standards, establishing criteria and pointing out possible failures in the process of granting these accesses, thus avoiding a failure in this control.

Conclusion 

Very effective methods and controls help organizations build a security vision. Structuring good management and enforcing the protection of your systems, data and information increases business maturity. Building an effective control for the access management process prevents risks, fraud or damage in a timely manner.

It is extremely important to carry out an effective and safe management of these accounts, following the guidelines established in rules and procedures aligned with the aim of preventing irreversible losses and damages from materializing in organizations.

— Gerson Lemos is a GRC and Information Security Consultant at SAFEWAY
