It's easy to set rules for handling privileged account passwords, but harder to ensure that they're being followed and that they meet best practice and security guidelines.
IT security specialist Thycotic is aiming to help organisations by launching a free online tool that shows how a company compares with other, similarly sized organisations in its password management practices.
Privileged accounts have become valuable targets for hackers. In a study conducted in conjunction with the 2015 Black Hat Conference, 75 per cent of attendees surveyed said that privileged accounts are easier to compromise today than they were two years ago. These accounts, used by system administrators, third-party and cloud service providers, along with application and business users, exist in nearly every connected device, server, hypervisor, operating system, database, application and industrial control system in operation today. Businesses of all sizes therefore need to take their privileged account management (PAM) seriously.
"Many IT executives and security professionals have documented and trained their employees on how to protect personal passwords. However, in spite of the even higher vulnerability of privileged account passwords, not all IT professionals have knowledge of privileged account best practices," says Thycotic Founder and CTO Jonathan Cogley. "Furthermore, organisations that understand privileged account best practices often have no idea if those practices are being followed or if their current practices enable them to restore normal business operations within SLAs should a breach occur. Additionally, they have no understanding of how their practices compare to companies in their peer group".
The tool can be accessed on the Thycotic website and provides users with an immediate grade (from A to F) based on how well their privileged password security practices match up against PAM best practices.
Participants can quickly see how and where to focus their time, money and resources in order to improve privileged account defences.