Privileges Management

Privilege management is the practice of controlling and administering digital user identities and the rights of those identities to perform actions on specified resources.

On on the main goals of a privilege management practice is to monitor and protect the superuser accounts in an organization.

Oversight is necessary so that the greater access abilities of super control accounts are not misused or abused. Unmanaged super user accounts can lead to loss or theft of sensitive corporate information, or malware that can compromise the network.

Super user accounts have typically been very loosely governed. Identity management software often leaves super user accounts totally uncontrolled while enabling advanced privileges on the corporate network. Furthermore, the owners of those accounts often have no formal training in managing them.

To implement privileged identity management:

  • Create a policy that specifies how super user accounts will be managed and what the account holders should and should not be able to do.
  • Develop a management model that identifies a responsible party to ensure that the above policies are followed.
  • Inventory privileged accounts to determine how extensive the population is and to identify them.
  • Establish tools and processes for management, such as provisioning tools or specialized PIM products.