Managing the keys to your kingdom
JOHN WORRALL, CHIEF MARKETING OFFICER, CYBERARK SOFTWARE INC
Let’s start at the top. What are privileged accounts? Privileged accounts are the “keys to the IT kingdom”.
Whoever has control of these keys has access to that device or that particular part of the network. Every device that has an IP address has a privileged account, and that’s what used to deploy and manage that piece of technology. So it has all the power to turn a device on, turn off; decide who gets in, how the device is deployed. In the hands of a trusted individual, it works exactly the way it’s supposed to, but in the hands of the attacker, it’s devastating, because whoever controls the privileged accounts actually controls your business.
The challenges consumers face are almost identical to challenges security administrators face, which is the classic: “I have to have a password, I want it to be secure, but I want to make it easy to remember.” That’s a really hard thing to do.
But with everything being more interrelated, how do I know that I can trust my passwords and the services I use?
I’d say it comes down to “trust”. The organizations you deal with all need to have some internal solutions to deal with their security systems and passwords. As a consumer, you don’t have enough information to know what they’re doing, and even if they explained it, you probably wouldn’t understand half of it. So, basic practices to do are:
Keep your passwords in a secure place.
If you want to write them down, that’s great but don’t just leave them lying around. Keep them in a locked drawer or somewhere that no one else is able to get to.
One of the key ideas in enterprises is to segment credentials so no one password gives access to everything.
Do the same thing with your own