Organizations are spending millions of dollars hardening security, but securing service accounts is not always prioritized.
Service accounts are accounts used to run applications, services, and tasks. They are not tied to a specific user and are not regularly authenticated to. These accounts present even more of a security issue than normal accounts for several reasons: application owners and administrators share service account passwords, the passwords are often recorded, and the accounts can be covertly compromised with greater impact than people-based accounts.
There are several approaches which may help to mitigate the risks associated with service accounts:
- In some cases, a simple switch to a system-managed account may provide protection. Other environments may need to have a more centralized approach.
- Restricting the location of use of those accounts may reduce the ‘blast radius.’
- Understanding where accounts are in use and what permissions they hold.
Regardless of the method, it is important to secure service accounts by protecting or eliminating their passwords. Join OCG Principal Architect Mark Riley for a discussion of the risks and modern solutions for these non-person accounts.