I ask MSPs: How secure are the clients’ passwords you manage today?
As an MSP, you must meet special security needs because you hold critical privileged passwords, not only for your own organization but for your clients as well.
Do you have an accurate answer for these questions, or are there some unknowns in your organization?
- Who, in your company, was the last person to access their passwords?
- After your last IT Admin left, did you change every single one of their passwords?
If you don’t know the answer to either of those questions with absolute certainty, you’ll want to read on. I want you to understand, unequivocally, the importance of privileged account management and what steps you must take now to start managing your clients’ passwords correctly. Best part, almost all the steps include automation.
Stop what you’re doing and lock down your clients’ passwords now
The 2017 Verizon Data Breach Investigations Report (DBIR) found that 81% of attackers used legitimate user passwords and other credentials to breach systems—up from 63% the previous year.
Think about this: if an intruder compromises just one of your privileged credentials, they’ll have free rein to access your business-critical accounts, and worse—your clients’ privileged credentials. Now you aren’t just looking at having to clean up your own network, but you’re liable for your clients’ too. Say goodbye to your credibility as an MSP, and to any affected client.
Starting today, audit access to EVERY SINGLE client account
How are you auditing access to your clients’ privileged credentials today?
Centralizing your password management will drastically reduce risk
Unless you have a centralized tool, there is no way you can be 100% certain who is accessing which credentials and when. Centralizing your password management will drastically reduce risk. It assures full accountability by associating each of your IT Administrators and privileged accounts with the credentials they accessed.
This becomes extremely helpful when one of your IT Admins leaves. Immediately pull the history of the credentials he has accessed and change them instantly. Now you can provide your clients with a guarantee that all credentials have been changed. If that doesn’t give you peace of mind, I don’t know what will.
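The offboarding check described above, sketched as an added example (not code from the original post and not any vendor's API): given a central access audit trail, list per client the credentials a departing admin touched that have not been rotated by someone else since. The log format, account names and client names are constructed, and the example assumes a rotation performed by the departing admin still counts as exposure.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit trail: (timestamp, actor, client, credential, action).
AUDIT_LOG = [
    ("2024-03-01T09:00:00", "alice", "acme", "dc01-administrator", "VIEW"),
    ("2024-03-02T10:30:00", "bob", "acme", "dc01-administrator", "VIEW"),
    ("2024-03-05T08:00:00", "vault", "acme", "dc01-administrator", "ROTATE"),
    ("2024-03-06T14:00:00", "bob", "acme", "firewall-admin", "VIEW"),
    ("2024-03-07T11:00:00", "bob", "globex", "sql-sa", "ROTATE"),
    ("2024-03-08T16:00:00", "bob", "globex", "vpn-root", "VIEW"),
    ("2024-03-09T01:00:00", "vault", "globex", "vpn-root", "ROTATE"),
    ("2024-03-10T12:00:00", "bob", "globex", "vpn-root", "VIEW"),
    ("2024-03-11T09:00:00", "alice", "initech", "backup-svc", "VIEW"),
]


def credentials_to_rotate(events, departing_admin):
    """Return {client: [credential, ...]} still exposed to departing_admin."""
    last_exposure = {}  # (client, credential) -> last time the admin touched it
    last_rotation = {}  # (client, credential) -> last rotation by someone else
    for ts, actor, client, cred, action in events:
        when = datetime.fromisoformat(ts)
        key = (client, cred)
        if actor == departing_admin:
            # Assumption: a rotation done by the admin still exposes the new value.
            last_exposure[key] = max(when, last_exposure.get(key, when))
        elif action == "ROTATE":
            last_rotation[key] = max(when, last_rotation.get(key, when))

    pending = defaultdict(list)
    for key, exposed in last_exposure.items():
        rotated = last_rotation.get(key)
        # Exposed if never rotated, or re-accessed after the latest rotation.
        if rotated is None or rotated <= exposed:
            pending[key[0]].append(key[1])
    return {client: sorted(creds) for client, creds in sorted(pending.items())}


if __name__ == "__main__":
    for client, creds in credentials_to_rotate(AUDIT_LOG, "bob").items():
        print(f"{client}: rotate {', '.join(creds)}")
```

Note that `vpn-root` is still flagged even though it was rotated once, because the admin viewed it again after that rotation.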
IT Admins wield a lot of power, and hackers know this
IT Admins don’t realize the power they hold with the sensitive servers they manage. And you can bet that hackers take full advantage of this.
If you’re using Excel spreadsheets for password management you’ve probably already been breached—you just don’t know it
If you’re still allowing the use of Excel spreadsheets for password management, you are putting your company and clients’ businesses at extreme risk. In fact, you’ve probably already been breached—you just don’t know it. Excel was never intended to be a password manager, and there’s nothing a hacker relishes more than a ‘secure’ spreadsheet full of passwords.
This takes me to my next point: take a least privilege approach to managing access.
Not all admins should have access to all credentials. By using a centralized enterprise password management solution you gain full control. Lock down accounts by granting access only on a case-by-case basis.
An MSP’s best friend: automation
Installing a password management solution does not mean death to productivity. Actually, you’ll find the exact opposite.
“I used to say, ‘I don’t want to see passwords written down in your notebook!’” With Thycotic Secret Server, they are more successful at enforcing best practice rules because the solution is a “pleasure to use.” -CTO US-based Managed Service Provider
Read the full case study: “MSP adds employee efficiency and cost savings through Thycotic’s privileged account manager”.
Get a solid system in place and you’ll realize how much more you can get done in a lot less time. For one, you don’t have to manually change passwords to meet compliance and security requirements. Set your vault to automate the process based on your password requirements.
Generate custom reports for your clients
Need to provide detailed reports to your client on meeting security requirements around password security? Generate reports automatically based on password usage and how frequently passwords are changed, directly through the tool. And if certain clients have specific password requirements, set up their report just once, and know you are meeting this mark.
Don’t be overwhelmed by password management
Small steps can drastically improve your security posture. Get started with our free MSP Guide to PAM now and see how you can implement a privileged account management plan today.
This is a Security Bloggers Network syndicated blog post authored by Jordan True. Read the original post at: Thycotic