In a large organization, with hundreds of employees requiring administrator access, on Windows, Linux, Oracle, SAS, and more, is it reasonable to create a separate administrator account for everyone?
Defining a policy for creating separate accounts with administrative rights is nothing out of the ordinary. It’s actually becoming the norm. This approach provides appropriate segregation of duties and enhances security around accounts with full access to systems and their data.
This can be difficult to implement in a large organization. Not because it’s not feasible, but because it’s extra work. But this work can also help change the mindset of administrators and, beyond that, of management.
I have seen large companies create separate administrator accounts in several ways. One was to create accounts with read-only access to control system configurations to prevent the accidental creation of system problems when reviewing an application. The other approach is to create accounts that administrators only use when they need to make changes to systems, or need to elevate their privileges.
In any case, it is recommended that two accounts be created for system administrators, especially those with access to sensitive data or privileged access. A first account should be used to make changes, while the other account has read-only rights. The first one can even be deleted for users who do not need it, but who still need to have read access to a system.
On many occasions, I have seen users – especially Windows administrators, although this can happen with any operating system – using their privileged account as their default account, on a daily basis. And these users are just a click away from seeing their account compromised by phishing, XSS or whatever. There will always be people lamenting that administrators are not able to do their jobs without using a privileged account throughout the day. But most cases are exaggerated. Administrators can occasionally and on the fly run applications as administrator on Windows, or use sudo on Linux, to limit the exposure caused by the continued use of privileged accounts.
There are now many tools in the area of privileged access management that can help solve this problem. But most often, it is mainly a change of culture. Management must see the risk associated with using privileged accounts to browse the web. To bring change gradually, it is recommended to run pilots with a few users, creating a secondary account for each of them.
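One way to make the daily use of privileged accounts visible during such a pilot, as an added example that is not part of the original text: the script counts browser and mail-client launches under privileged accounts and lists privileged accounts whose owner never appears under a standard account. The `adm-` naming convention, the CSV layout and the sample events are assumptions constructed for the illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample: process-creation records exported as CSV.
# Host names, user names and the column layout are illustrative only.
SAMPLE_EVENTS = """user,host,process
jdoe,WS-014,chrome.exe
adm-jdoe,WS-014,mmc.exe
adm-jdoe,WS-014,chrome.exe
adm-jdoe,WS-014,outlook.exe
asmith,WS-022,outlook.exe
adm-asmith,SRV-DB01,sqlplus.exe
adm-asmith,SRV-DB01,powershell.exe
adm-lchen,WS-031,firefox.exe
adm-lchen,WS-031,firefox.exe
"""

PRIVILEGED_PREFIX = "adm-"  # assumption: how privileged accounts are named
DAILY_USE_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe", "outlook.exe"}


def find_daily_use(events_csv):
    """Count browser/mail launches per privileged account."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(events_csv)):
        user = row["user"].strip().lower()
        process = row["process"].strip().lower()
        if user.startswith(PRIVILEGED_PREFIX) and process in DAILY_USE_PROCESSES:
            hits[user] += 1
    return dict(hits)


def missing_standard_account(events_csv):
    """Privileged accounts whose owner never appears under a standard account."""
    users = {row["user"].strip().lower()
             for row in csv.DictReader(io.StringIO(events_csv))}
    privileged = {u for u in users if u.startswith(PRIVILEGED_PREFIX)}
    return sorted(u for u in privileged
                  if u[len(PRIVILEGED_PREFIX):] not in users)


if __name__ == "__main__":
    for account, count in sorted(find_daily_use(SAMPLE_EVENTS).items()):
        print(f"{account}: {count} browser/mail launches under a privileged account")
    for account in missing_standard_account(SAMPLE_EVENTS):
        print(f"{account}: no activity seen under a matching standard account")
```

On the sample data, `adm-asmith` is not flagged because that account only runs administrative tools on a server, which is the usage pattern the two-account policy aims for.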