Governing the use of privileged accounts is one of the most important tasks in cybersecurity today. Major cyberattacks follow the same pattern: obtain a foothold somewhere in your digital infrastructure, then pivot to privileged accounts that give the threat actor high-level access to critical assets. Having no governance over privileged accounts is one of the most dangerous weaknesses an organization can carry. Review the digital identity inventory you built in the previous section and mark which of those accounts are privileged.
According to NIST, a privileged user is a user who is authorized (and therefore trusted) to perform security-relevant functions that ordinary users are not authorized to perform. In small network environments, privileged accounts are most commonly the administrator/root accounts on operating systems. Out of the box, Windows setup places the first account you create in the local Administrators group, so the account people use every day is an administrator. This is a bad security practice even though it is the default: any malware or phishing payload that runs as that user is one consent prompt (or one UAC bypass) away from full administrative rights. Everyone with network access, administrative personnel included, should do their daily work from a Standard account; administrators should have a separate, named privileged account that exists only for administrative tasks.
Privileged accounts should be reserved for system-level maintenance tasks and nothing else. As attacks on identities keep growing, businesses should implement controls that protect privileged access for the whole session, not just at logon. These include Just-In-Time/Just-Enough Access (JIT/JEA), where a privilege is granted only for a time-boxed window when it is requested and only for the commands the task needs; context-based authentication, which factors in device, location and network before granting access; and risk-based access control, which steps up authentication or denies access when the session's risk signals change.
Start by surveying your digital landscape for privileged accounts. Include every administrator/root account on workstations and servers. On Windows, list the members of the local Administrators group (the Computer Management snap-in, net localgroup Administrators, or Get-LocalGroupMember -Group Administrators in PowerShell). On Linux, list the members of the sudo or wheel group (getent group sudo wheel), read /etc/sudoers together with the drop-in files under /etc/sudoers.d/, and check /etc/passwd for any account other than root that has UID 0. Then add all administrative accounts on web applications and cloud services. Identity providers and SaaS administration consoles are another source of often-overlooked privileged accounts. For example, Microsoft Entra ID defines built-in roles that let a user account configure an organization's entire identity structure; Global Administrator is the obvious one, and Microsoft flags several others, such as Privileged Role Administrator, as privileged in its built-in roles list. A privileged account inventory lists every user account holding one of these roles, which you can read under Roles and administrators in the Entra admin center. Similarly, Google Workspace provides built-in privileged roles, including Super Admin, Groups Admin and User Management Admin. User accounts that can modify your company's Facebook page or WordPress website also count as privileged accounts.
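The Linux half of that survey, as an added example that is not code from the original page: a Python script that parses copies of /etc/passwd, /etc/group and /etc/sudoers and reports every account that is privileged by UID 0, by sudo/wheel membership (listed or via primary group), or by a sudoers rule for the user or for a group it belongs to. The three file contents, the account names and the sudoers rules are constructed for the example; the script assumes the distro's admin group is named sudo or wheel.

```python
"""Inventory privileged local accounts on a Linux host from its account files.

Added example for this guide, not code from the original page. It parses the
contents of /etc/passwd, /etc/group and /etc/sudoers (constructed copies are
embedded below; on a real host pass open("/etc/passwd").read() and so on).
"""
import re

# Assumption: the admin group is sudo (Debian/Ubuntu) or wheel (RHEL/Fedora/SUSE).
ADMIN_GROUPS = {"sudo", "wheel"}
SKIP_PREFIXES = ("Defaults", "User_Alias", "Host_Alias", "Cmnd_Alias", "Runas_Alias", "@include")

# Constructed sample files. 'toor' is a second UID-0 account; 'carol' has the
# sudo group (GID 27) as her primary group, so she is absent from the sudo line.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid-0 account:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:27:Carol:/home/carol:/bin/bash
dave:x:1003:1003:Dave:/home/dave:/bin/bash
svc-backup:x:1004:1004:Backup service:/var/backups:/usr/sbin/nologin
"""
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:
sudo:x:27:alice
ops:x:500:dave,bob
alice:x:1000:
bob:x:1001:
carol:x:1002:
dave:x:1003:
svc-backup:x:1004:
"""
SAMPLE_SUDOERS = """\
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
%ops ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
svc-backup ALL=(root) NOPASSWD: /usr/bin/rsync
@includedir /etc/sudoers.d
"""

def _records(text):
    """Yield the colon-separated fields of each non-comment, non-empty line."""
    for line in text.splitlines():
        if line and not line.startswith("#"):
            yield line.split(":")

def parse_passwd(text):
    """Return name -> (uid, gid)."""
    return {f[0]: (int(f[2]), int(f[3])) for f in _records(text)}

def parse_group(text):
    """Return (gid -> group name, group name -> set of listed members)."""
    gid_to_name, members = {}, {}
    for name, _pw, gid, mem in _records(text):
        gid_to_name[int(gid)] = name
        members[name] = {m for m in mem.split(",") if m}
    return gid_to_name, members

def parse_sudoers(text):
    """Return (users, groups) named in sudoers user-spec lines. Limits: alias names
    come back verbatim, '#uid' specs are dropped with comments, @includedir files must be fed in too."""
    users, groups = set(), set()
    for line in re.sub(r"\\\n", " ", text).splitlines():   # join continuation lines
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        spec = re.match(r"^(\S+)\s+\S+\s*=", line)           # who  host=(runas) cmd
        if not spec:
            continue
        for who in spec.group(1).split(","):
            if who.startswith("%"):
                groups.add(who[1:])
            elif not who.startswith("+"):                    # '+name' is a netgroup
                users.add(who)
    return users, groups

def find_privileged(passwd_text, group_text, sudoers_text):
    """Map each privileged account to the list of reasons it counts as privileged."""
    gid_to_name, group_members = parse_group(group_text)
    sudo_users, sudo_groups = parse_sudoers(sudoers_text)
    report = {}
    for name, (uid, gid) in parse_passwd(passwd_text).items():
        groups = {gid_to_name.get(gid, "")} | {g for g, m in group_members.items() if name in m}
        reasons = []
        if uid == 0:
            reasons.append("uid 0")
        reasons += [f"member of {g}" for g in sorted(groups & ADMIN_GROUPS)]
        if name in sudo_users:
            reasons.append("explicit sudoers rule")
        reasons += [f"sudoers rule for %{g}" for g in sorted(groups & (sudo_groups - ADMIN_GROUPS))]
        if reasons:
            report[name] = reasons
    return report

if __name__ == "__main__":
    for name, why in find_privileged(SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SUDOERS).items():
        print(f"{name:12} {', '.join(why)}")
```

Two of the sample accounts are the ones a naive "who is in the sudo group" check misses: toor shares UID 0 with root and carol reaches the sudo group only through her primary GID. When you run this against a real host, also feed in each file under /etc/sudoers.d/, since those drop-ins routinely grant service accounts root-level commands.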
