Half Protected is Half Empty, Not Half Full
2020-01-08 15:53

Even though most businesses have enforced stricter password strength policies in recent years, end users and privileged account holders often have too many passwords to remember.

Historically, many organizations, and analyst reports, have focused on Privileged Account and Session Management (PASM), in simple terms a password vault, rather than true PAM. Under PASM, privileged root accounts are protected by vaulting their credentials.

Under a Privilege Elevation and Delegation Management (PEDM) approach, host-based agents grant specific privileges on the managed system to logged-in privileged users.

While a password vault is a basic first step in the right direction, organizations need to keep in mind that many administrators continue to circumvent best practices, including by checking shared privileged accounts out of the vault at 9:00 AM and camping out on them all day.

"Don't break glass" is the ultimate approach to security, whereby administrators check out shared privileged accounts only for emergency situations.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/Ghs2X23P54A/half-protected-half-empty-not-half-full