5 Steps to Auditing Administrator Access Rights
Mar 20, 2024
Accounts with administrative and elevated privileges are necessary for both business and IT functions, but they represent a significant risk to your organization. In the hands of a careless or malcontent insider or an adversary, privileged credentials open the door to data breaches, infrastructure outages and compliance violations.
According to Forrester, a staggering 80% of data breaches involve privileged accounts. The key to reducing this risk is a modern approach to privileged access management (PAM). Instead of trying to keep hundreds or thousands of powerful accounts from being misused using strategies like password vaults, it enables you to reduce the number of privileged accounts that exist to the absolute minimum — thereby dramatically reducing risk. Here are the steps to take.
Step 1. Discover all accounts with privileged access
The first step is to uncover all your privileged accounts. Some accounts are easy to identify, such as those that are members of powerful security groups like Domain Admins. But some are less obvious; in fact, it’s estimated that in most organizations, over half of all privileged entitlements are unknown. It’s especially easy to forget lower-level admins like DBAs and business users with access to highly sensitive data or systems.
To simplify the work, consider sorting all your user accounts into the following groups:
- Administrator/Root/Super User
- Infrastructure/Application/Power User
- CEO/CFO/CISO/Senior Business User
- Staff/Ordinary User
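The less obvious privileged accounts from Step 1 are often those that reach a powerful group only through nested membership. The following added example (not from the original article or any Netwrix product) resolves effective membership from a constructed group export and sorts each account into the four groups above; the group names, users and the group-to-tier mapping are assumptions made for illustration.

```python
from collections import deque

# Constructed sample export: group -> direct members (users or other groups).
GROUP_MEMBERS = {
    "Domain Admins": ["alice.adm", "Tier0-Operators"],
    "Tier0-Operators": ["bob", "Backup-Team"],
    "Backup-Team": ["svc_backup", "Tier0-Operators"],  # circular nesting
    "SQL-DBAs": ["dave", "svc_sql"],
    "Finance-Data": ["erin.cfo"],
    "All-Staff": ["frank", "bob", "dave"],
}
# Tiers from the article, most privileged first.
TIERS = ["Administrator/Root/Super User", "Infrastructure/Application/Power User",
         "CEO/CFO/CISO/Senior Business User", "Staff/Ordinary User"]
# Assumption: which groups confer which tier in this sample environment.
GROUP_TIER = {"Domain Admins": 0, "SQL-DBAs": 1, "Finance-Data": 2}


def effective_members(group, members=GROUP_MEMBERS):
    """Map each user in `group`, directly or through nesting, to the group path."""
    found, seen, queue = {}, {group}, deque([[group]])
    while queue:
        path = queue.popleft()
        for member in members.get(path[-1], []):
            if member not in members:            # a user, not a group
                found.setdefault(member, path)   # keep the shortest path
            elif member not in seen:             # nested group, not yet visited
                seen.add(member)
                queue.append(path + [member])
    return found


def classify(members=GROUP_MEMBERS, group_tier=GROUP_TIER):
    """Return {user: (tier name, group path)} using the highest tier reached."""
    users = {m for ms in members.values() for m in ms if m not in members}
    best = {u: (len(TIERS) - 1, []) for u in users}
    for group, tier in group_tier.items():
        for user, path in effective_members(group, members).items():
            if tier < best[user][0]:
                best[user] = (tier, path)
    return {u: (TIERS[t], p) for u, (t, p) in best.items()}


if __name__ == "__main__":
    for user, (tier, path) in sorted(classify().items()):
        print(f"{user:12} {tier:40} {' > '.join(path) or '-'}")
```

The recorded group path shows why an account is privileged, which is the evidence to bring to the owner interview in Step 3.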
Step 3. Work with owners to understand the purpose of each account
Interview the owner of each privileged account to understand what it is used for and what access rights it requires — and whether it is even still needed. Here are some questions you might want to ask:
- What is the purpose of the account? What is it used to do?
- Are the privileges it has necessary to perform those actions?
- If the account is shared by multiple people, how is individual accountability ensured?
Step 4. Remove accounts that are no longer needed
With signoff from account owners, remove privileged accounts that do not need persistent access, starting with the most critical resources. To prioritize, consider factors such as:
- Which resources the account can access — For example, an account with access to a domain controller is more critical than one used to manage print servers.
- Where those resources reside — An administrative account for a test lab is probably less critical than one in the production environment.
- The sensitivity of the resources — Does the account have access to regulated financial data or personal health records, or to vital applications like your CRM or ERP?
For accounts that cannot be removed, reduce their access rights to the minimum required to perform their function. Note that service accounts in particular are often over-provisioned.
Step 5. Implement zero standing privilege (ZSP)
Now you’re left with a set of privileged accounts that you know actually serve a purpose. But even though they are used only occasionally, they are at risk of being misused 24/7.
With a modern PAM solution, you can replace these risky standing privileges with just-in-time (JiT) access. There are two methods for implementing JiT:
- Ephemeral accounts — When a user needs to perform a task that requires elevated rights, create an account that exists just long enough to complete the task.
- Temporary privilege escalation — Alternatively, grant the user’s existing account the necessary privileges to perform the task and remove them as soon as the task is complete.
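To make the second method concrete, here is an added example (a toy model written for this page, not the API of Netwrix or any other PAM product) of temporary privilege escalation: an existing account holds a role only for a capped time window, expiry is enforced on every check, and each decision is logged. The class, role and user names are hypothetical, and time is passed in explicitly so the behaviour is deterministic.

```python
from dataclasses import dataclass


@dataclass
class Grant:
    user: str
    role: str
    expires_at: float  # epoch seconds
    reason: str


class JitBroker:
    """Toy model of temporary privilege escalation; not any PAM product's API."""

    def __init__(self, eligible, max_ttl=3600):
        self.eligible = eligible  # user -> roles the user may request
        self.max_ttl = max_ttl    # hard cap on any single elevation, in seconds
        self.active = {}          # (user, role) -> Grant
        self.audit = []           # (time, event, user, role, detail)

    def request(self, user, role, ttl, reason, now):
        if role not in self.eligible.get(user, ()) or not reason.strip():
            self.audit.append((now, "DENY", user, role, reason))
            return None
        grant = Grant(user, role, now + min(ttl, self.max_ttl), reason)
        self.active[(user, role)] = grant
        self.audit.append((now, "GRANT", user, role, reason))
        return grant

    def has_role(self, user, role, now):
        # Expiry is checked on every use, so a late sweep never extends access.
        grant = self.active.get((user, role))
        return grant is not None and now < grant.expires_at

    def release(self, user, role, now, event="RELEASE"):
        if self.active.pop((user, role), None):
            self.audit.append((now, event, user, role, ""))

    def sweep(self, now):
        """Revoke every expired grant; return the (user, role) pairs removed."""
        expired = [k for k, g in self.active.items() if g.expires_at <= now]
        for user, role in expired:
            self.release(user, role, now, event="EXPIRE")
        return expired
```

Outside a granted window `has_role` is false for every account, which is the zero-standing-privilege state this step aims for.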
How Netwrix Can Help
Netwrix’s Privileged Account Management solution provides dynamic and continuous visibility into privileged accounts across all endpoints, allowing organizations to shrink attack surfaces with continuous discovery and removal of unmanaged privileges. Our solution replaces conventional privileged accounts with just-in-time privileged access, ensuring heightened security without compromising administrator productivity. By monitoring and recording privileged user sessions, Netwrix Privilege Secure facilitates investigations, fulfills audit requirements, and establishes accountability. This solution also empowers organizations to visualize, analyze, and manage their attack surface through tailored dashboards, eliminating a gap in accountability and security without sacrificing convenience for users.
Achieving privileged access bliss
By uncovering all the privileged identities in your IT ecosystem and replacing them with a ZSP approach, you can dramatically reduce risks to security, compliance and business continuity. After all, if a privileged account doesn’t exist, it can’t be compromised.
About the author
Martin Cannard
VP Product Strategy
Martin Cannard is the Field CTO at Netwrix, bringing more than 30 years of experience across startups and enterprise software organizations. He specializes in identity, access, and privilege management, with a proven history of helping organizations strengthen security across hybrid and cloud environments. In his role, Martin bridges the gap between customer challenges and product innovation, advising global enterprises on emerging cybersecurity trends and helping shape the future of the Netwrix portfolio.
A recognized thought leader and frequent global speaker, Martin shares insights on zero-trust strategies, identity-first security, and the evolution of modern cyber resilience. His pragmatic approach helps organizations translate complex security concepts into practical solutions that reduce risk and enable business agility.