Elevated Access Accounts

  • I am new here so forgive me if this topic was already covered back during the earlier days of this forum. I am wondering how people handle Elevated Access accounts.
    We currently allow people to check out an Elevated Security Account if they have a break fix or a change to put in place. Unfortunately, over the years the number of elevated access accounts has grown to about 300 accounts with almost 2,000 users.
    I am wondering how other groups/companies are handling the need for Admin Access on a system or database when they are trying to be diligent and segregate duties. I would be very interested in hearing how others have approached this question and how it’s working a few years after SOX has been implemented.

  • We used the Sealed envelope method to keep the passwords of these accounts secret. These got changed after usage and got stored with a top guy within the organization. Added to this was logging and reviewing the activities of this account while being used.
