Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Account Lifecycle Manager Automates and Simplifies Cloud-Based Service Account Governance

mm

Written by Sara Shuman

June 15th, 2021

It’s easy for a service account to get “lost.”

It happens when an original account owner leaves and neglects to pass on vital information about its purpose. Or when the system tied to the service account is no longer needed. Or, when a service account is set up for temporary purposes, like software installation or system maintenance, but left in place long after its use.

Cloud-based service accounts are particularly tricky to govern because they are often set up by teams other than corporate IT and may use secrets management processes other than central vaults.

Many service accounts are set to never expire

As a result, forgotten service accounts are never rotated, audited, or decommissioned. In fact, many service accounts are set to never expire so systems don’t break unexpectedly. Even when security teams put in the extensive hours required to discover service accounts, they rarely know their purpose or who has access and are afraid to decommission them.

Risk is highly concentrated in service accounts because they connect business-critical applications, databases, root accounts, and other IT systems that contain sensitive information. Enterprises need security strategies and easy-to-use toolsets that govern all types of service accounts so they don’t fall off the radar.

The latest version of Account Lifecycle Manager governs the complete lifecycle of cloud-based service accounts even better than before

Thycotic Account Lifecycle Manager makes it possible for enterprises to manage all types of service accounts with end-to-end governance, from discovery and provisioning through decommissioning. No other PAM solution provides full control over the lifecycle of service accounts in the same way.

This week we introduced the latest version of Account Lifecycle Manger. The new capabilities extend ALM’s vault agnostic platform which also includes cloud vaults for AWS and Azure as well as DevOps vaults such as Thycotic DevOps Secrets Vault and Hashicorp Vault. By integrating with external vaults for cloud secrets, enterprises are now able to improve service account governance and reduce risk across the broader privileged account attack surface.

How many unmanaged service accounts do you have?

If you don’t know the answer, you aren’t alone.

Thycotic’s free Service Account Discovery Tool is the first step to building a prioritized service account governance plan that lowers your risk and keeps you competitive and compliant.

Try the free tool to uncover: 

  • Aged service accounts and passwords that may no longer be used
  • Expired service account passwords that require changing
  • Service accounts and passwords without expiration requirements
  • Services that share privileged credentials, violating least privilege policies

 We look forward to hearing your feedback on the latest enhancements to Account Lifecycle Manager!

Account Lifecycle Manager

Account Lifecycle Manager

Eliminate risky service account sprawl with end-to-end access governance.

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS