How to Reduce the Risk of Windows Server Insider Threats

BrandPost By Crystal Bedell
Jan 03, 2017
Security

Three common insider threats and how to thwart them


As IT organizations adopt an increasingly complex infrastructure and an increasing number of diverse applications, they also increase the number of remote administrators accessing their environment. Unfortunately, IT may not always have complete control over, and visibility into, all of its remote admin accounts. If an organization does not have a trusted identity management solution in place to verify these third-party insiders, the risk of insider threats to its Windows Servers increases.

The Windows Server environment is vulnerable to three common insider threats – but that risk can be significantly reduced by implementing a unified identity management platform.

Windows Server Threat No. 1: Too many local admins

For users to manage Windows services on a group of database servers, IT must grant them local administrator group membership. The problem: local admin rights provide full access to all the server’s resources, but users may only need to manage one or a few services. With local admin rights, there’s no limit to what users can do.

A unified identity management platform lets IT organizations grant permission to manage one or more Windows services without granting local administrator group membership. This way, users only have access to the Windows services they need to manage. An identity management platform can also provide visibility into who is doing what across both on-premises and cloud-based servers. This type of clear audit trail ensures users are only accessing the resources they need to do their jobs.
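The two checks below are an added example and are not code from the article or from any identity management product. The first reports every member of the local Administrators group on a set of servers that is not on an approved list, which gives the visibility the paragraph describes. The second grants one account the right to query, start and stop a single service by adding an ACE to the service's security descriptor, so the operator needs no local admin membership at all. The server names, approved list, service name and operator account are placeholders you would replace.

```powershell
# Added example, not from the original article. Audits local Administrators
# membership and delegates control of one service without local admin rights.
# All names below are assumptions; replace them for your environment.

$Servers      = @('DB01', 'DB02')                                 # assumed server names
$ApprovedAdms = @('CONTOSO\Domain Admins', 'CONTOSO\ServerOps')   # assumed approved members
$Service      = 'MSSQLSERVER'                                     # service the operator must manage
$Operator     = 'CONTOSO\sqlops'                                  # assumed delegated account

# 1. Report every local Administrators member that is not on the approved list.
#    Invoke-Command runs Get-LocalGroupMember on each server; the filter runs locally.
$Unexpected = Invoke-Command -ComputerName $Servers -ScriptBlock {
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object @{n='Server'; e={ $env:COMPUTERNAME }}, Name, ObjectClass, PrincipalSource
} | Where-Object { $ApprovedAdms -notcontains $_.Name }

$Unexpected | Format-Table Server, Name, ObjectClass, PrincipalSource -AutoSize

# 2. Grant $Operator only query/start/stop/interrogate rights on $Service by
#    appending an ACE to the service's SDDL. Rights granted: CC (query config),
#    LC (query status), SW (enumerate dependents), RP (start), WP (stop),
#    LO (interrogate), RC (read control). No DC (change config) and no WD
#    (write DAC), so the operator cannot reconfigure the service or widen the ACL.
$Sid = (New-Object System.Security.Principal.NTAccount($Operator)).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value
$Ace = "(A;;CCLCSWRPWPLORC;;;$Sid)"

Invoke-Command -ComputerName $Servers -ScriptBlock {
    param($Service, $Ace)
    # sc.exe sdshow prints a blank line followed by the SDDL string.
    $sddl = (sc.exe sdshow $Service | Where-Object { $_ -match '^D:' }).Trim()
    if ($sddl -notmatch [regex]::Escape($Ace)) {
        # Insert the ACE at the end of the DACL, before an optional SACL ("S:") part.
        $new = if ($sddl -match '^(D:.*?)(S:.*)$') { $Matches[1] + $Ace + $Matches[2] }
               else { $sddl + $Ace }
        sc.exe sdset $Service $new | Out-Null
    }
    # Print the resulting descriptor so the change can be reviewed.
    "$env:COMPUTERNAME : " + (sc.exe sdshow $Service | Where-Object { $_ -match '^D:' })
} -ArgumentList $Service, $Ace
```

Run the audit part on its own first; the output of step 1 is the list of accounts that would need to be justified or removed. Step 2 is a standing change to the service's ACL on each server and is the kind of delegation that an identity management platform automates and records centrally.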

Windows Server Threat No. 2: Shared accounts without accountability

There are times when multiple users must share a single Active Directory account. This means every user has the account name and password. Unfortunately, native Windows tools audit the shared account without attribution to the actual user, meaning virtually anyone could access those resources and IT wouldn’t know any differently.

A unified identity management platform lets IT deploy shared Active Directory accounts safely. Each user is given a security token that includes his identity and/or privileges for the shared account. This approach eliminates the need to provide all users with the same account name and password, and guarantees that auditable actions are associated with the appropriate user.
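The lack of attribution the previous paragraphs describe can at least be detected from native logs. The script below is an added example, not code from the article or from any product: it reads logon events (ID 4624) for one shared account from the Security log and warns when that account logged on from more than one source address in the chosen window, which is the point at which native auditing can no longer say which person acted. The account name and time window are assumptions.

```powershell
# Added example, not from the original article. Flags a shared Active Directory
# account that logged on from several source addresses; run on a domain
# controller or a server whose Security log records the logons.
$SharedAccount = 'svc_dbshare'   # assumed shared account name
$Hours         = 24              # assumed lookback window

$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddHours(-$Hours)
} -ErrorAction SilentlyContinue

# Parse each event's XML so the EventData fields are available by name.
$logons = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d.TargetUserName -ieq $SharedAccount) {
        [pscustomobject]@{
            Time        = $e.TimeCreated
            Account     = $d.TargetUserName
            LogonType   = $d.LogonType      # 2 interactive, 3 network, 10 RDP
            SourceIp    = $d.IpAddress
            Workstation = $d.WorkstationName
        }
    }
}

$sources = $logons | Group-Object SourceIp | Sort-Object Count -Descending
if (@($sources).Count -gt 1) {
    Write-Warning ("{0} logged on from {1} distinct addresses in the last {2} h; " +
                   "the 4624 events name the account, not the person.") -f
                   $SharedAccount, @($sources).Count, $Hours
    $sources | Select-Object @{n='SourceIp'; e={ $_.Name }}, Count,
        @{n='Workstations'; e={ ($_.Group.Workstation | Sort-Object -Unique) -join ',' }} |
        Format-Table -AutoSize
}
```

Every row in the output is a logon that the Security log can attribute only to the shared account. The per-user token approach the paragraph describes exists precisely so that this table can be tied back to individual people.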

Windows Server Threat No. 3: Regulated data is exposed to Domain Admins

Domain Admins have no business justification for accessing sensitive and regulated data such as that covered by the Payment Card Industry Data Security Standard (PCI DSS). They shouldn’t have access to this data – but they often do. This means IT organizations are directly violating the principle of separation of duties.

A unified identity management platform lets IT make a user a Domain Admin only on the computer the user is logged into, instead of granting special privileges on every computer in the domain. This removes standing administrative credentials from servers holding sensitive data and enforces the separation of duties.

Unfortunately, privileged credentials for Windows Servers come with inherent risk, a risk that is exacerbated by the proliferation of remote administrators. IT organizations can reduce this risk and gain the visibility needed for regulatory audits by deploying a unified identity management platform.
