+1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Service Account Governance: Reduce your attack surface with Account Lifecycle Manager

mm

Written by Barbara Hoffman

August 20th, 2019

Service accounts abound in every organization. Failure to manage them leads to significant risk. This has been a critical issue for organizations that use Active Directory and have grown to a level that accounts can no longer be managed by hand. Almost all medium to large organizations suffer from extreme service account sprawl, perpetuating the unmanaged, uncontrolled expansion of their privileged account attack surface. Service accounts are basically a ticking time bomb in the privileged account world.

In numerous blogs, we have covered service account governance in depth from fear of unknown dependencies to managing the service account lifecycle from provisioning to disposal, bringing to light the dangers of not recognizing and taking control of the service accounts in your overall privileged account attack surface.

We are excited to announce the release of our newest solution, Account Lifecycle Manager. Thycotic’s Account Lifecycle Manager is a solution that automates and streamlines service account governance, finally allowing organizations to control their service account sprawl. Now our customers can easily secure, provision, and decommission service accounts to harden and ultimately shrink their attack surface with Account Lifecycle Manager.

See Account Lifecycle Manager in Action:

Through countless interactions with our customers during the development of our Account Lifecycle Manager solution, we continued to hear the inherent difficulties involved in managing service accounts. In these conversations, our team was somewhat surprised to hear that the largest challenges our customers faced – lie not in the discovery and provisioning of these accounts, which was our original focus, but in the decommissioning or end of lifecycle stage of service account governance.

With this release, Thycotic has streamlined the full-service account lifecycle from automated provisioning, through automated review and removal of un-used accounts. Account Lifecycle Manager enables decommissioning of service accounts without service disruptions as well as tracking accounts owned by departing employees. This new solution provides easy notifications when accounts should be decommissioned. When we say “decommission” we mean not only the deprovisioning of an account, but also the point at which an account should be renewed, re-approved, disabled or expired. This process can be automated and tailored to fit any organization’s needs with webhooks so the notifications can be sent to other systems such as ServiceNow or Remedy.

Alerts include:

  • Review – Account Lifecycle Manager requests user to acknowledge renewal​, but does not turn the account off in any way.​
  • Disable – The user is asked to acknowledge renewal and sets account to “disable” if not renewed.
  • Expire – Account Lifecycle Manager notifies user that account must be re-approved before renewal​. If account is not renewed, the account is expired on the appropriate date. ​
  • Delete​ – The user is asked to acknowledge renewal​. If the account is not renewed, it is deleted along with the credentials in Secret Server​.

Now IT teams have the solution they need to improve service account governance and seamlessly control service accounts to mitigate the risk of breaches, service interruptions, and human error.

Account Lifecycle Manager empowers organizations to manage and control service accounts with workflows, automated provisioning, governance, compliance, and de-provisioning capabilities. Account requests follow approval workflows and are easily tailored to any organization to meet their specific requirements.

Account Lifecycle manager integrates with Secret Sever, and in combination these two products address end-to-end privileged access management. It is like no other solution on the market, and we would love you to try it in your organization with a 30-day free trial.

risky applications scared

Account Lifecycle Manager

Eliminate risky service account sprawl with end-to-end access governance.

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS


The following two tabs change content below.
mm

Barbara Hoffman

Barbara joins Thycotic with nearly a decade of experience in IT software and security, and many more years working in product management, development and marketing across a number of different industries. As part of the Product Marketing team, she helps define and drive marketing strategy, messaging & positioning, sales enablement, and content creation for Thycotic’s cornerstone offering, Secret Server, along with Privilege Behavior Analytics and Account Lifecycle Manager. Barbara earned her BS in International Business from George Washington University, her MBA from the University of Southern California and Cybersecurity Certification from Georgetown University.