By Greg Keller Posted January 14, 2016
At the behest of Dell, Dimensional Research, an independent technology market research firm, recently conducted a study asking 560 IT professionals in the United States, United Kingdom, Germany, Australia, and New Zealand how they are dealing with their administrative accounts. The results are shocking and are a major risk factor for organizations. Admin accounts are central to managing devices, applications, and networks, and as such are critical accounts that must be guarded.
Serious Security Risks Uncovered
Default Admin Passwords Unchanged
The Dimensional Research study found that 37% of the respondents’ organizations didn’t change the default admin passwords for hardware and software. Many infrastructure devices and applications come with default passwords, so that it is easier to configure them. For instance, wireless access points come with default passwords. If those passwords aren’t changed, it is easy for a hacker to get in and do whatever they want with those systems. The same is true for a number of applications. Default passwords are simple and easy to change and contain a serious threat vector.
Shared Admin Credentials
The research also stated that 37% of the respondents’ organizations share admin credentials. Shared accounts is another serious vector of risk. This practice not only makes it difficult to track which user is doing what on the system, it opens the door for more people with the same credentials to have those admin accounts leak out. Shared accounts then becomes a systems issue, making it difficult to provide and revoke individual access on a larger number of devices, applications, and network infrastructure equipment. It isn’t often the case that IT admins don’t know to eliminate shared accounts, it is more likely that their processes and systems make this a much harder problem to solve.
Need for Identity Management
Another stat that likely points to the root of the problem is that 31% don’t know who is supposed to be an admin and who isn’t, which may in fact be the core issue. If organizations can clearly identify who is responsible for what IT systems, it will not only make it much easier to divide responsibilities, systems can be put in place that help support the process of controlling and managing administrative credentials.
One Platform to Address Password Security Risks
These security issues, while challenging, are eminently solvable. With the right identity management solution, organizations can create systems and processes that will address the management of admin credentials. A solution such as a Directory-as-a-Service platform with an identity management component, can manage credentials on all types of devices, applications, and network gear. JumpCloud’s Identity-as-a-Service solution can define core password complexity requirements including the ability to rotate credentials on a regular basis.
If you would like to learn more about how your organization can manage administrative credentials, drop us a note. Or feel free to give JumpCloud’s Directory-as-a-Service a try. Your first 10 users are free forever.