06-04-20 - Let's Make this Easier and Just Share Accounts

Let's Make this Easier and Just Share Accounts

June 04, 2020

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Shared Accounts

Defense in Depth: Shared Accounts

 On this episode of Defense in Depth:

Co-host Allan Alford and sponsored guest, Jake King, CEO, cmd, discussed:

  • As much as it makes security professionals cringe, shared accounts are a business reality that can't be avoided.

  • Certain business processes force shared accounts to exist, but that doesn't mean as a security professional you shouldn't grill to find out why the shared account exists and if there's a way you can remove that shared privilege.

  • Get an inventory of your shared accounts. Also, you can do this with mapping credentials with location information.

  • Time pressures in a physical environment often force shared accounts.

  • You need to shine a light on shared accounts even if they're not going to go away. It's part of your GRC (governance, risk, and compliance) program.

  • There are compensating controls one can put around shared accounts such as password rotation, monitoring usage, and alerts.

  • Privileged access management (PAM) is the favorite solution for dealing with shared accounts. Often you don't need compensating controls if you have a dynamic PAM solution in place.

  • The need for accountability is key here. If you don't have an equal understanding of its importance then those eventual issues are simply going to magnify.

Thanks to this week's sponsor of Defense in Depth, Cmd.

Cmd

provides a lightweight platform for hardening production Linux. Small and large companies alike use Cmd to address auditing gaps, implement controls that keep DevOps safe, and trigger alerts on hard-to-find threats. With out-of-the-box policies that make setup easy, Cmd is leading the way in native protection of critical systems.

 

Ninay Wyatt, CISO, Sunflower Bank on managing your data

Upcoming Video Chats

All video chats happen on Friday at 10 AM Pacific/1 PM Eastern[06-05-20] Hacking the Risk Decision Making Process - TOMORROW![06-12-20] Hacking Rogue IT[06-19-20] Hacking API Security

Best Moments from "Hacking Zero Budget Security"

Best Moments from "Hacking Zero Budget Security"

Here are six minutes of the best moments from last week's “Hacking Zero Budget Security” Video Chat. To watch the full video and read the chat go

.

Featured in the video is Matthew Southworth, CISO, Priceline, Justin Berman, head of security, Dropbox, and David Roth, vp, Trend Micro.

Check out the post for the best bad ideas and the best quotes from our chatroom.

Please join us every Friday for our weekly CISO Series Video Chats. See above.

Mike Johnson on the real unique solutions

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.