InfraMatix Identity Management Blog

Access Management Weak Spot: Are Your Privileged Accounts at Risk?

Posted by Veera Sandiparthi on Oct 27, 2016 3:00:42 PM

Privileged accounts are those within an organization's IT infrastructure that have more power than ordinary user accounts. Examples of privileged accounts might include Windows Administrator accounts, and accounts associated with router access. Such accounts are necessary for keeping IT processes running smoothly, and they are required in emergency situations as well. As you may imagine, access management for privileged accounts is extremely important.


To hackers, access to a single privileged account is better than access to multiple end-user accounts.

Yet, one 2016 survey found that 20% of organizations haven't even changed the default passwords on their privileged account, despite the fact that the overwhelming majority consider privileged access management a top priority. Many organizations allow privileged accounts and their passwords to be shared, and more than one-third of them use the same security for privileged accounts as they do for standard account access. Are the privileged accounts in your organization at risk?

Hackers Often Target Privileged Accounts

If a hacker has the opportunity to access a regular end-user account or a privileged account, he's going to target the privileged account, because these accounts allow users to exploit just about any part of a network, including sensitive or confidential information. At the same time, most organizations don't require approval for creation of new privileged accounts, and about half don't regularly audit privileged account access activity. The fact that a large chunk of organizations must demonstrate privileged account access management to remain in compliance with government regulations makes this particularly worrisome.

Why Privileged Accounts Are Difficult to Secure

Ironically, privileged accounts can be tougher to secure than ordinary user accounts. Rather than being associated one-to-one with a specific user, privileged accounts are often shared by multiple administrators. What happens when one administrator is fired and those left behind don't bother changing privileged account access credentials? The risks can be enormous.

Every organization with privileged accounts must have a system for privileged account access management to mitigate risks. This should include a policy that spells out specific steps that will be taken if one administrator leaves the company to avoid the possibility of a disgruntled former worker wreaking havoc.

Education of those with Privileged Account Access Is Critical


Those with access to privileged accounts must understand why access management is essential.

Strong access management for privileged accounts is important, of course, but also important is continued training and education of the people who have access to these accounts. Administrators must understand that they're not allowed to abuse access rights, and that if they do, they will face specific consequences.

Suppose a customer support supervisor, with access to personal customer data, decides to look up an ex-spouse's customer account in hopes of leveraging the information found there. The potential for abuse and misuse of data is significant. Keeping access management strong is important, but so is making sure everyone knows why access management is administered the way it is.

Identity Management and Privileged Account Access

Some access management products incorporate privileged account management, and this can be a smart way to approach the issue. For one thing, it allows the provisioning system to make real-time changes to who can gain access to accounts should the need arise. In the event of an administrator being fired, for instance, this can be the only prudent thing to do.

This type of access management can incorporate rules that prevent administrator access from being extended inadvertently. Suppose a system administrator moves from one company branch to another. The access management system can ensure that she can no longer access the accounts associated with her old location.

Examples of identity management solutions that incorporate tools for managing privileged account access include Oracle Management Suite Plus, Microsoft Enterprise Mobility, CA Technologies CloudMinder, and Okta. If you outsource identity management and access management, your provider can discuss which specific software solution makes the most sense for your requirements.

Access management must evolve continually to keep up with new threats, and CIOs and other executives must understand the importance of creating strong security around privileged accounts. Compromise of a user account is bad enough; compromise of a privileged account can cause damage on a much greater scale. Contact us today to discuss ways to protect your privileged accounts.

Read More

Topics: Privileged Access Management

The Evolution of Identity Management: Are Passwords on the Way Out?

Posted by Veera Sandiparthi on Oct 20, 2016 2:00:00 PM

The computer account password as an identity management (IDM) tool has been around since the mainframe era, and for many years, passwords offered sufficient security and were a decent identity management technique for the time.


The password may be everywhere, but that doesn't mean it's the best security solution.

Passwords are less secure than they used to be due to hacking techniques and the sheer brute force power of password cracking algorithms. So now, we have to have strong passwords, unique ones for every platform, and we're expected to keep them in our brains, though they shouldn't be easy to remember. When we're required to change passwords regularly and aren't allowed to reuse old ones, it's no mystery why people resort to writing them down.

More than two-thirds of security professionals think usernames and passwords are insufficient for secure identity management, and nearly three-quarters envision passwords being phased out within a decade. Fraud and account takeovers are major concerns of companies of all types and sizes, yet many people still use passwords that can often be cracked in seconds. A dictionary word with a number appended might take an hour for a hacker to crack. Fortunately, stronger identity management solutions exist.

Single Sign-On Identity Management

Single sign-on IDM is paradoxical because it can provide both enhanced security and easier access for authorized individuals. Users do not have to remember and type in multiple user IDs and passwords. With user identity data stored in one place, the single sign-on technique allows users to have strong passwords without having to record them anywhere, because they can access all applications for which they are authorized with a single, master password. Single sign-on can reduce IT maintenance costs and increase productivity while making the end-user experience better.

Multifactor Authentication for Added Security


Biometric attributes can be part of a multifactor authentication strategy.

But single sign-on isn't perfect. If there is a "master" login for each authorized user, and that master login information is compromised, a rogue actor could gain access to multiple applications and databases. Multifactor authentication combined with single sign-on technology can strengthen single sign-on. Multifactor authentication simply means that more than one criterion must be fulfilled to gain access to an app or system. The combination of credentials could be a password plus a card with a magnetic strip, a PIN plus a code sent to a phone, or any number of other combinations.

Account Reconciliation

Account reconciliation is more of a behind-the-scenes activity, but it's still important to identity management, particularly where passwords are still relied upon. Account reconciliation is the process of reconciling existing accounts to specific users. This allows for the discovery of "orphan" accounts, and can create a good starting point for determining who should have access to which resources. Account reconciliation may correlate accounts with users based on attributes like username, email address, or phone number, and it is an essential component of good identity management "hygiene."

In a decade, the concept of the password may seem quaint and outmoded. Indeed, many organizations are already going beyond the simple password to incorporate single sign-on, multifactor authentication, and other more secure methods of granting access to resources. Organizations that make the effort to strengthen security can expect to reduce costs, experience fewer security breaches, achieve better compliance with industry or government security regulations, and make the end-user experience better for employees. The time to implement robust identity management is before a security breach occurs, and it's important not to have a false sense of security just because passwords have never been compromised before.

Read More

Topics: Identity Management, IDM, Alternative methods of authentication

Top 5 Identity Management Problems of Financial Services CIOs

Posted by Veera Sandiparthi on Jun 12, 2015 8:12:00 AM

There are a number of identity management problems facing financial services CIOs. Not surprisingly, the majority of them concern security.  

Read More

Topics: Identity Management, identity management problems

Choosing a User Authentication Solution for Financial Services CIOs

Posted by Veera Sandiparthi on Jun 5, 2015 11:00:00 AM

In the increasingly challenging realm of providing services, yet maintaining security, financial services CIOs have to find user authentication methods that achieve both.

Read More

Topics: User Authentication

How Oracle Identity Manager Training Benefits Financial Services Firms

Posted by Veera Sandiparthi on May 29, 2015 3:00:00 PM

Oracle is a full-featured identity management suite that offers solutions for CIOs to automate IDM, prevent fraud, provide security and minimize risk, and provide for comprehensive auditing and reporting for compliance, including SOX.

Read More

Topics: oracle identity manager training

Comparing IDM Services for Financial Firms

Posted by Veera Sandiparthi on May 22, 2015 3:11:20 PM

Financial services CIOs face unique challenges in security and identity management that range from the need for higher security to the necessity of meeting regulations and compliance.  

Read More

Topics: IDM services

Best Practices for Financial Services User Passwords

Posted by Veera Sandiparthi on May 15, 2015 12:38:57 PM

With high profile security breaches in the news, financial services CIOs are under pressure to maintain customer and client confidence in their institution’s security policies.

Read More

Topics: security breach, password management

Oracle IDM Advantages for Financial Services CIOs

Posted by Veera Sandiparthi on May 8, 2015 1:09:11 PM

Financial services CIOs increasingly face new challenges in security and identity management. The rise of mobile and cloud applications and services in the workplace has made it more difficult to find reliable, secure identity management solutions.

Read More

Topics: Oracle IDM, Oracle Identity Manager

Why Financial Services CIOs Need Centralized User Authentication

Posted by Veera Sandiparthi on May 2, 2015 8:42:17 AM

Recent security breaches, and the issues and bad publicity they have caused, has financial CIOs reassessing their security and authentication protocols.

Read More

Topics: authorization

Top 4 Hybrid Identity and Access Management Solutions

Posted by Veera Sandiparthi on Apr 24, 2015 12:16:05 PM

Financial services CIOs and IT departments are facing new challenges with the growth of cloud-based applications and cloud-based infrastructure. How do you have any sort of identity and access management (IAM) when it is no longer just an intracompany issue, but consists of integrating on-site, cloud, and outside companies and vendors into the mix?

Read More

Topics: Identity and Access Management

Subscribe to InfraMatix Identity Management Blog