
UK Organisations still Haunted by Group Admin Accounts

Osirium, a leader in Privileged User & Infrastructure Management, has today warned businesses against continuing to use Group Admin accounts after an independent, security-focused research report found that many organisations still issue them, despite the fact that they pose a significant risk to businesses whilst also contravening best practice and compliance requirements.

The report found that just 40% of organisations attempted to control the use of Group Admin accounts but, more worryingly, 10% of respondents also confessed that they had no way of controlling them.

David Guyatt, CEO at Osirium, said, “From the conversations that I am having it’s immediately apparent that most organisations recognise that Group Admin accounts are a security risk, but IT departments just don’t have the resources to create, manage and revoke all those personalised privileged accounts across their entire infrastructure. This creates numerous operational issues but most critically opens the organisation up to the risk of both internal and external attacks.”

The research, undertaken by Quocirca on behalf of Osirium, also highlights the impact that the use of Group Admin accounts can have on compliance requirements, which clearly state that when a specific action is carried out the individual performing that task needs to be identifiable. IT security regulations and standards make strong statements about the use of privileged access to such group admin accounts. One of the controls in the IT service management standard (ITSM) ISO270001 states that “the allocation and use of privileges shall be restricted and controlled” whilst the Payment Card Industries Data Security Standard (PCI-DSS) recommends “auditing all privileged user activity”. Neither of these requirements can be met if it is not possible to identify a specific privileged user, or associate them with the actions that they have carried out.

“Security is all about ensuring the right people are accessing the right things and performing the right tasks at the right time,” continued Guyatt. “However, short-cuts are often taken to save time or make life a little bit easier and sharing Group Admin accounts does both these things, unfortunately at the cost of meeting essential compliance requirements and escalating operational risks.

“By using solutions such as Osirium to automate the provisioning of personalised accounts throughout the entire infrastructure, full accountability and visibility of SysAdmin changes can be achieved which easily satisfies the requirements of compliance, best practice and change management processes.”
