Have Users Log in as Themselves, While Maximizing Control Over Privileged Accounts

Our most recent product addition to the Centrify platform is Centrify Privilege Service — a security-as-a-service offering in the identity management sector that Gartner refers to as shared account password management. But you may be wondering if this changes our viewpoint on how to manage privileged identities in the enterprise, because we also have our Centrify Server Suite that provides what Gartner defines as “super user privilege management.”

The short answer is no — we believe Server Suite and Privilege Service together provide the most comprehensive privileged identity management solution in the market.

Let me use this blog to explain our view on privileged identity management, since it is clearly different from others in the market. In a nutshell, our recommendation to customers is to “have users log in as themselves, while maximizing control over privileged accounts.”

To explain this further, let me first start with a simple video tutorial about the difference between individual identities and privileged accounts:

The video is very basic, but it highlights the key differences in security and control when users log in as themselves and perform tasks as themselves, versus when users check out shared privileged account credentials to perform the same task.

We fundamentally believe that organizations should implement a least privilege model to reduce the risks associated with privileged identities.

The least privilege model is implemented with a combination of:

  1. Tying security controls to an individual’s identity, and
  2. Granting the individual user limited access to privileged accounts for specific situations.

Notice that I say that the access to the privileged account is limited and only for specific situations — this is clearly different from other vendors in the market, who advocate overuse of privileged accounts — we don’t. When we say “maximize control over privileged accounts,” we mean locking down privileged accounts so they are only used for specific situations and NOT for daily normal operational use.

We recommend an approach that defines least privilege for individuals, and when individuals need privilege, they temporarily elevate their rights and only have access to privileged commands for the task that they need to perform. We also recommend that customers move from identity silos for Windows and UNIX to unified identity across systems. This ensures that rogue employee access is limited because they have only one identity that is centrally managed. For privileged accounts, we recommend limiting access to all privileged account credentials.

Let’s look at an example.

When an Oracle database is installed on a UNIX server, a service account called ORADBA is created with full privileges to manage the Oracle database. This is the Oracle database privileged account. Let’s say Kieran is the Oracle administrator who should only be able to stop and start the database. Following the principle of least privilege, Kieran is set up in the system as a regular IT user, with permissions that let him elevate his rights to run the Oracle start/stop commands. During Kieran’s daily activities we recommend he log in to the UNIX machine as Kieran. He performs all his tasks as Kieran, and then elevates his rights so he can run the ORASTART command — and only the ORASTART command — to start the database. Kieran should only request access to the ORADBA privileged account itself in an emergency situation; for example, when he needs to perform tasks outside his normal routine.
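To make the Kieran example concrete, here is an added sudoers fragment that expresses the same rule with stock sudo; it is not from the post and does not use any Centrify product feature. The file path, the start/stop script paths and the I/O log directory are assumptions.

```sudoers
# /etc/sudoers.d/oracle   (assumed path; always edit with: visudo -f <file>)

# Weak pattern the post argues against: Kieran gets an unrestricted shell as
# the shared ORADBA account for routine work, so every action is recorded as
# "oradba" and the audit trail no longer identifies the person.
#
#   kieran  ALL=(oradba)  ALL

# Least-privilege pattern: Kieran logs in as kieran, works as kieran, and may
# elevate only to run the database start/stop scripts as oradba.
# Script paths are assumed; use absolute paths so a different binary of the
# same name elsewhere on PATH cannot be substituted.
Cmnd_Alias ORACLE_CTL = /u01/app/oracle/bin/orastart, /u01/app/oracle/bin/orastop

# Audit everything: keep a session I/O recording of each elevated command,
# attributed to kieran rather than to the shared account.
Defaults:kieran  log_input, log_output, iolog_dir=/var/log/sudo-io

kieran  ALL=(oradba)  ORACLE_CTL

# Deliberately absent: any rule granting kieran a shell or ALL as oradba.
# The ORADBA password itself stays in the privileged-account vault and is
# checked out only for the emergency case described in the post.
```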

An optimized risk profile for any organization is determined based on the business goals, market sector (finance, healthcare, etc.) and overall risk posture. The best practice we recommend to customers is to strategically define your least privilege model and minimize the sharing of privileged accounts for your organization, while auditing everything. As shown in this chart, our goal is to help customers move from a Poor Risk Profile to the Optimized Risk Profile for their organization.

[Chart: Path to reducing identity-related risk for privileged users]

This approach is different from other vendors and critical for enterprises to follow in order to handle the sophisticated threat landscape we are all facing.

For more information about privilege management, read Forrester’s insightful study, Managing Privileged Access Security in a Hybrid IT World.