
New Study shows Millions are being Hemorrhaged by Mismanaged Privileged Passwords!

Companies are hemorrhaging millions every year through hidden costs, security risks and compliance liabilities, all associated with administrative, super-user or privileged passwords, according to a white paper by IDC, sponsored by Cyber-Ark Software, entitled “Privileged Password Management: Combating the Insider Threat and Meeting Compliance Regulations for the Enterprise” (Jan 2007, #204906).

Sally Hudson, research manager for IDC’s Security Services and Identity Management Products program and author of the report, comments on the privileged password dilemma: “Our research shows that managing privileged passwords is a security conundrum,” she says. “Not only do privileged passwords pose a security threat, but maintaining, storing, changing and monitoring privileged passwords and their users is an expensive and daunting task. In particular, there are thousands of privileged passwords at all levels – devices, embedded, laptops, etc. – and the cost of changing them on a routine basis is difficult to do manually in any effective way. IDC estimates that it takes approximately $30 in man hours/labor to change the Sys-admin password on a single Microsoft Exchange Server.”

“IDC believes that the risk can be significantly mitigated by implementing policies which demand special treatment for privileged passwords,” according to Hudson. “These include the ability to disable an employee’s system access promptly upon employee termination; enforcing a company-wide password change on a regular basis; and implementing reliable auditing and reporting systems. Furthermore, companies such as Cyber-Ark that offer a Privilege Password Management solution are well-positioned to assist organizations in preventing unwarranted insider attacks.”

Calum Macleod, European Director of Cyber-Ark, said: “Privileged passwords are like a big taboo! When you talk to organizations, they know they are their big security black spot but just don’t know how to manage them! What companies should realize is that the IT guys who have access to the privileged passwords are the ones with all the power; they have the power to change accounts, see sensitive financial information and basically get to know everyone’s business without anyone really knowing what they are doing.

“The worst problem is so many people within the IT department often are privy to the privileged passwords that when there is a serious breach or the system is sabotaged, it’s very difficult to find out who it was. For many of the large financial institutions and other companies who need to protect their sensitive information, such as utilities and pharmaceutical companies, they have now begun using password management software which can automate, control and manage the privileged passwords, therefore putting the lid on what has otherwise and still is a very large can of worms.”

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.