The Lockdown

Thycotic’s Cyber Security Blog

How to Expedite Discovery of Service Accounts for Onboarding into Service Account Governance

Written by Erin Duncan

November 17th, 2020

Service accounts, by their nature, can take on a life of their own. They’re rarely tied to a human owner, if they’re managed at all, so service account sprawl takes over and organizations’ privileged account attack surfaces can expand almost beyond measure. And with almost all medium to large organizations unable to pull service accounts into a standardized governance cycle, there’s a ton of risk, too.

The biggest issue tends to be that IT has such a hard time simply finding and documenting their service accounts. They don’t want to decommission anything when they don’t know the implications; the last thing they want to do is create a service interruption where the business loses valuable dollars or customers.

We know a few Thycotic customers have launched projects to find all of their service accounts, map them to dependent services, determine which can be deleted, create new ones when necessary, and provide ongoing governance. Without the proper tooling of workflows, automated provisioning, governance, compliance, and decommissioning, they are stuck managing service accounts with manual tools like spreadsheets.

Thycotic’s Account Lifecycle Manager is a solution that automates and streamlines the full privileged account lifecycle of service accounts, allowing you to control privileged service account sprawl for efficiency and security.

The importance of discovery in managing service accounts

As you look to get a handle on your service accounts, both known and unknown, discovery becomes critically important, so you know the scope of what you’re dealing with. Account Lifecycle Manager has a built-in discovery tool that assists in finding your service accounts and pulling them under management.

The discovery tool works with Active Directory and enables system administrators to select any or all service accounts within a specific domain and import them into Account Lifecycle Manager. Once selected, they can be managed by associating them with Workflow Templates and assigning users and/or groups as account owners.

Although the solution can easily facilitate governance over all newly created service accounts, discovery and onboarding are key when taking over governance of all existing service accounts.

Once the accounts are onboarded, Account Lifecycle Manager helps their owners maintain each account’s security and lifecycle. This allows accounts to be decommissioned only when they are no longer needed, keeping systems online and secure during their lifecycle.

Continuous discovery ensures the security of new service accounts

And once you’ve gone through the discovery and onboarding process, be sure to set up continuous discovery so you’re constantly staying on top of service accounts as your technology shifts and employees come and go. We recommend automated discovery that runs weekly or monthly depending on the amount of change in your environment.

Account Lifecycle Manager simplifies the effort required to discover your service accounts and helps you easily secure, provision, and decommission them to harden and ultimately shrink your attack surface.
