When it’s hard to know how to protect against so many sophisticated threats, many businesses are turning to the UK Government’s Cyber Essentials framework for guidance.
It’s an effective way to establish a strong baseline for security – although, as we’ve discussed, the best protection goes beyond the basics. It’s also a badge of honour for building customer confidence, whether you’re displaying the self-assessed Cyber Essentials badge or the more detailed Cyber Essentials Plus standard.
But when securing your configuration and taking care of user access control is such a big part of the framework, even meeting these basic requirements can feel like an overwhelming task.
There are two areas of Cyber Essentials that cover the privileged passwords within your organisation.
First, you’re expected to implement a secure configuration. This includes:
However, that’s not as simple as it sounds when so many of your applications, operating systems, and devices create privileged accounts by default. It’s hard to keep track of them all, let alone make sure your policies are being appropriately enforced.
Second, the Cyber Essentials framework includes detailed guidance for user access control, including:
The challenges there go beyond simply discovering all your privileged accounts. To meet these guidelines, you need to maintain absolute visibility and remember to keep passwords and open accounts up-to-date when things change.
That’s all in the real world, the one you work in – where those privileged accounts aren’t tied to individuals. They’re liberally shared between entire teams of people that will or could need access, making it harder to know who can access what at any given moment.
Before you know it, taking care of your privileged accounts drains all your time, money, and energy. You struggle to keep up.
And it’s right then that the account you’ve missed is the one an internal or external attacker gets hold of.
The answer is in automation. It’s in taking advantage of the right technology to discover all your privileged accounts, then streamlining the way you manage them day-to-day.
Thycotic, specialists in Privileged Account Management, make it easier for businesses to meet the guidelines of Cyber Essentials – and, in many cases, exceed them.
With the free Privileged Account Discovery Tool, available for Windows and UNIX, you can discover every privileged account and get a detailed, management-ready report. Best of all, it’s a free tool to help you understand the scale of the problem.
From there, make the most of your opportunity to keep those accounts secure.
Thycotic Secret Server lets you store your privileged account details in an AES 256-bit encrypted repository where your passwords can be securely accessed, your policies can be enforced, and every interaction is logged in a detailed audit trail.
It’s the most efficient – and cost-effective – way to meet Cyber Essentials guidelines and keep your privileged accounts protected against a growing threat.Get My Free Privileged Account Discovery Tool for Windows Get My Free Privileged Account Discovery Tool for UNIX