Service accounts are undermanaged and overprivileged. Pushed along by application groups annoyed that they need to deal with any process at all, security or helpdesk folks simply make an account, give it rights, and get it into the hands of the application folks. The application team thinks the account is controlled like any other, but that’s wrong most of the time. The folks in charge of the directories think the application or security team is giving the service accounts special attention. If security has a Privileged Identity Management (PIM) platform, they likely have service account management on their to-do list, but most haven’t gotten around to doing it. These accounts need the special rights they are granted to be useful. The power those rights grant them, combined with the management twilight zone they live in, makes them especially vulnerable to exploitation.
Our blog series covers how a bad guy may go about exploiting service accounts. In the podcast, we’ve talked a little more about what that may mean in terms of impact if they are attacked successfully. In the end, though, the core advice you should hear is simply to start paying attention to these accounts. Much like the crazy entitlement structures in the unstructured data world can suddenly become fatal to your plans when you want to be nimble, migrate to the cloud, or consolidate infrastructure, the lack of management around service accounts can become a security hot spot when you least expect it. There are many things you can do, from simply creating these accounts well in the first place to leveraging a PIM system to manage them, but none of them can start before service accounts get a little bit of mindshare from you and your teams.