A joint account is a bank account that more than one person can access. Nonhuman accounts are major sources of operational and security risk. Currency risk sharing is a contractual agreement between counterparties to a trade or deal to share in any losses due to currency risk or exchange rate fluctuations. Most likely a lot of resources use the same credentials. Shared accounts should be used in conjunction with a password management system. For example, if a vendor uses a shared account to access a system to provide support, the account should be disabled by default and only enabled when the vendor needs to carry out support services, with a new password given each time. However, there are times when Jane needs administrative rights on the laptop to install software. For example, in general, shared accounts should not be used by individuals to access Protected Health Information (PHI). Authorized users can access resources using shared accounts without knowing the passwords and Centrify will not expose the passwords and will deny any unauthorized access. It makes it that much harder to pinpoint who has been compromised. So, for a two-person joint account, you could deposit £170,000, or £85,000 each – … Risk sharing may provide opportunities for an organization to mitigate risks. Shared accounts may also offer partial or full anonymity to those that use them. Access to a shared account should not be given to anyone that does not need to use it. All Rights Reserved. A role account is a generic user ID assigned for one specific role that can be used by more than one person. Concerns regarding shared accounts: The audit trail becomes an issue, since there is no valid audit trail possible. Shared accounts are commonly used on more than one application or resource. If possible, set up automatic alerting for when ‘high value’ shared accounts are used. For questions about this advisory, please contact ciso@uw.edu. Shared accounts not only increase oversight and improve usability, they also enhance your security. Risk sharing may be used as a strategy to improve … The challenges shared accounts hold for IT: Activity Tracking and visibility: The basic premise of identity and access management (IAM) is knowing who accessed which resource. The Account … If … Learn more about Centrify Infrastructure Services and shared account password management. Centrify Infrastructure Services can take full control of passwords and automatically change the password once the checkout expires. There are partners, employees, contractors, customers and others who access or try to access your most valuable company assets on a daily basis. Countermeasure. Look for tools that solve more than just that “one” problem you are trying to solve, because sharing an account with others is most likely also an account with “too much” privilege. If the use of an individual account is not appropriate for a given situation, consider using user-assigned secondary accounts instead of a shared account. It makes it that much harder to pinpoint who has been compromised. Read this Gartner Report! The use of shared accounts by individuals to access sensitive information may also violate contractual or regulatory requirements. Look for solutions that support session monitoring -- this way, there is accountability and visibility for privileged activity. Shared accounts should be audited regularly. Adequately managing the password for a shared account can be difficult because the password must be shared with multiple people. With the Classic model, local accounts should be password protected. Risk management helps cut down losses. Regardless of the reason, shared accounts present a host of security risks to the network. Generic or Shared Role Account. A joint account can be any kind of bank account: savings, transaction or term deposit. The more people that know a password, the more likely the password could become compromised. He's been working in the network security sector for over fifteen years, as System Administrator, Technical Support and Technical Marketing. Generally speaking, a shared account should not be used by a person if they can use their individual account instead. 4. The end-user doesn't need to remember or write down the various accounts they might be using. When the audit trail is not properly in... Loss of credentials to unauthorized users is significantly increased. The risk occurs when the trader suffers a loss. A hacker discovering a document full of shared passwords in one employee’s Google account can turn a single security incident into a full-blown breach, potentially opening your … It is important to understand those risks to determine if the use of a shared account is appropriate for a given set of circumstances, and to put in place appropriate safeguards when using them. Enterprises can secure and manage super-user, service, and application accounts on servers and network devices, both on-premises and in the cloud. But each individual or each group represents a high risk if their privileges are not managed properly. Andreas Zindel is a Director of Technical Marketing for Centrify's Identity Service. For example, resource risks shared between multiple teams may provide opportunities to share resources and reduce risk. The decision to use a shared account should be made with oversight from the security team, regulatory bodies, IT management, and system administrators. Shared accounts should be documented to include who has access to the account, who is responsible for managing the account, what the account will be used for, and how long the account is needed. The use of a shared account by multiple people limits the ability to monitor or audit who has used the account at any given time. This can be especially damaging if the account that has been compromised is a shared account: Shared accounts are commonly used on more than one application or resource.