- Centralised administration: Often, different IT groups control different pockets of passwords. It's important to take steps to create a centralised policy, procedures and enforcement mechanism. Otherwise, there is no way to ensure that each business or technical unit is doing its best to protect the keys to the kingdom.
- Secure storage: Administrative passwords should be securely stored in a way that offers strong authentication, granular access control, encryption and auditing to safeguard every password.
- Worldwide secure availability: Remote access is just as critical. In today's distributed enterprises, administrators need to be able to securely access and share passwords from anywhere within or outside the enterprise network.
- A dual-control mechanism: Require two or more administrators to act together before passwords to the most sensitive or vulnerable servers can be accessed.
- Routinely change passwords and track history: In addition to secure storage, the only way to ensure the long-term security of passwords is to alter them routinely.
- Intuitive auditing: As passwords are used, changed or added, organisations will need to audit the whereabouts and use of passwords without poring over log files. Regulatory compliance measures are also driving routine auditing and tracking of access to vital systems.
- Disaster recovery plan: Administrative accounts play a major role in recovering from incidents that range from a simple problem to a full off-site disaster recovery. Look into technologies for automated, safe replication of vital administrative information that can guarantee the availability of those accounts in time of need.
- Provide a "safe haven" or vault within the network where all administrative passwords can be securely archived, transferred and shared among IT staff, on-call administrators and administrators in the field.
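
To make the dual-control and auditing points above concrete, here is an added Python example (not from the original article or any vendor's product) of a vault that releases a password only when a second, different administrator has approved the request, and records every action. The class name `DualControlVault`, the 15-minute approval lifetime and the in-memory dictionary standing in for encrypted storage are assumptions made for illustration.

```python
import time

class DualControlVault:
    """Releases a secret only when enough distinct administrators are involved."""

    def __init__(self, required_admins=2, approval_ttl=900):
        self.required = required_admins   # requester plus approvers
        self.ttl = approval_ttl           # seconds an approval stays valid (assumed)
        self._secrets = {}                # name -> secret; stand-in for encrypted storage
        self._approvals = {}              # (name, requester) -> {approver: timestamp}
        self.audit = []                   # append-only (time, actor, action, name)

    def _log(self, actor, action, name, now):
        self.audit.append((now, actor, action, name))

    def store(self, actor, name, secret, now=None):
        now = time.time() if now is None else now
        self._secrets[name] = secret
        self._log(actor, "store", name, now)

    def approve(self, approver, requester, name, now=None):
        now = time.time() if now is None else now
        if approver == requester:         # nobody may approve their own request
            self._log(approver, "self-approval-rejected", name, now)
            return False
        self._approvals.setdefault((name, requester), {})[approver] = now
        self._log(approver, "approve:" + requester, name, now)
        return True

    def checkout(self, requester, name, now=None):
        now = time.time() if now is None else now
        grants = self._approvals.get((name, requester), {})
        live = {a for a, t in grants.items() if now - t <= self.ttl}
        # The requester counts as one administrator; the rest must be others.
        if name not in self._secrets or len(live) < self.required - 1:
            self._log(requester, "checkout-denied", name, now)
            return None
        self._approvals.pop((name, requester), None)   # approvals are single use
        self._log(requester, "checkout", name, now)
        return self._secrets[name]

    def history(self, name):
        """Audit view: every recorded event for one password, oldest first."""
        return [e for e in self.audit if e[3] == name]
```

Denied attempts are logged as well as successful ones, so the audit view shows who tried to reach a password, not only who obtained it.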