It’s very easy for service accounts to fall off your radar. Virtually all organizations have some unknown service accounts, and some have thousands.
Why do service accounts get lost?
- An employee leaves and the account is simply abandoned.
- The account is used less and less until it becomes obsolete and forgotten.
- Default accounts are left in place but not used.
Password management solutions alone aren’t sufficient to manage service accounts. Neither are Identity & Access Management tools. These solutions can help manage human accounts, but they won’t control non-human service accounts used for applications, databases, servers, appliances and root access.
These accounts are core to network security, network services, and IT automation. Ironically, though they wield the most power, these accounts often have less oversight than human accounts, which makes them extremely vulnerable and dangerous.
So why are service accounts forgotten?
Managing accounts for different services, tasks, and other applications becomes impossible if it’s a manual process. If you don’t know everywhere a service account is in use, changing its password runs the risk of bringing down other critical applications for the business. As a result, service and application passwords are often set to never expire and stay unchanged for years.
Every unknown or unmanaged service account increases your risk and presents an opportunity for misuse or malicious behavior. An ex-employee who continues to have access could use it to perform unauthorized tasks. Current employees could find the account and access sensitive systems and data they may not be authorized to see or share. Or, a cyber criminal could find the account and penetrate your network to steal data or shut down operations. Because these accounts are unknown and unmanaged, months or even years could go by before you discover the damage.
PAM controls help enterprises reduce the risk of rogue service accounts
Below, you can hear directly from our customers as they share advice on using PAM to improve all aspects of service account lifecycle management, including:
- Transparency and control over service accounts
- Creating and provisioning service accounts
- Credential management for cloud appliances and services
- Service account rotation and de-provisioning
- Audit and compliance requirements specific to service accounts
Watch how Thycotic customers measure success
Customers Discuss Service Account Management from Thycotic on Vimeo.
Check your own organization’s status
You can start planning your strategy for service account management and security by launching your discovery process for free.
Free tool: Privileged Account Discovery for Windows.
Free tool: Privileged Account Discovery for Unix.
*** This is a Security Bloggers Network syndicated blog from Thycotic authored by Barbara Hoffman. Read the original post at: http://feedproxy.google.com/~r/Thycotic/~3/jAJeLE5Niog/