Creating a policy for separate administrator accounts isn't something unusual; it's actually becoming a standard. Creating a separate account for administrators allows for the proper separation of duties and security on accounts that have full access to systems and data.
This can become an issue within a larger company -- not because it can't be done, but because it's going to take more work in order to complete. A lot of this work might also change the mindset of the administrators and management.
I've seen large companies create separate accounts for administrators in a few ways. One way was creating accounts for systems with read-only access to review configurations and access so they didn't accidentally create an issue within a system when reviewing the application. On the flip side, I've also seen the same thing happen where accounts were created that were only used when the administrator was about to make a change to a system, or if he needed to elevate his rights. Read more of my article at the below link:
http://searchsecurity.techtarget.com/answer/Are-separate-administrator-accounts-a-good-idea-for-enterprises
This can become an issue within a larger company -- not because it can't be done, but because it's going to take more work in order to complete. A lot of this work might also change the mindset of the administrators and management.
I've seen large companies create separate accounts for administrators in a few ways. One way was creating accounts for systems with read-only access to review configurations and access so they didn't accidentally create an issue within a system when reviewing the application. On the flip side, I've also seen the same thing happen where accounts were created that were only used when the administrator was about to make a change to a system, or if he needed to elevate his rights. Read more of my article at the below link:
http://searchsecurity.techtarget.com/answer/Are-separate-administrator-accounts-a-good-idea-for-enterprises
No comments:
Post a Comment