System administrators maintained a poorly protected database of privileged account passwords for multiple systems, with only partial accountability. Furthermore, the passwords were changed infrequently, and new passwords could be created without being entered into the current password database.
Privileged access without accountability could allow a system administrator to perform malicious actions against her employer’s most critical systems, with no way to identify who performed them. Uncoordinated password management actions could lead to critical system downtime.
We implemented a means of restricting the creation of privileged system administrator accounts on our customers’ systems, ensuring accountability whenever privileged system administrator accounts were used, and automating immediate password aging once an account had been used in an interactive session.
Maintaining better control over the creation and use of privileged system administrator accounts sharply decreased the likelihood of accidental or purposeful disruption of critical IT services.