Privileged accounts risk security, ISO compliance


IT departments need to keep an eye on their privileged users, as such accounts are the weak link in security, according to a new study.

The CA-commissioned survey of 270 firms found 41 per cent of firms claiming to be ISO27001 compliant actually break the rules, for example by allowing privileged users to share their accounts.

In the UK, 47 per cent of firms are ISO compliant, but 30 per cent had never heard of the standard regarding privileges and 56 per cent weren't sure if admin accounts were being shared.

The study also found that a quarter of firms across Europe use time-consuming, error-prone manual controls to manage their privileged users.

Indeed, the report showed IT managers aren't very concerned with the issue, ranking malware, the internet, internal users and web 2.0 tools as more threatening security risks.

CA director of security solutions Simon Godfrey said the study's results showed IT admins were overlooking such accounts as a security risk.

"While such access is necessary, it is most commonly managed on an ad hoc basis and, despite claims to pay heed to the requirements of regulators, requirements with regard to privileged users are often overlooked," he said in a statement.

"It is in the best interests of individual IT managers, the IT department, and the overall business to have measures in place to control and monitor privileged users."