Thycotic launches automated solution for managing service accounts
Service accounts are specialized non-human accounts used by applications or other services to access data and network resources to perform specific tasks.
Because they tend to be set and then forgotten they often slip under the radar of conventional account management processes. Privileged access management specialist Thycotic is launching a new Account Lifecycle Manager to automate the management of these accounts.
Service accounts exist in large numbers in most enterprises. Their specialized operation often requires elevated privileges and access to business-critical applications and data. However, they avoid the governance of other privileged accounts because they are rarely utilized by human users and operate behind the scenes, 'silently' performing their assigned tasks and requiring little maintenance or attention.
IT admins are often reluctant to decommission these accounts because their dependencies can be difficult to ascertain, and inadvertent removal can lead to service disruptions. This reluctance leads to service account sprawl, expanding the privileged account attack surface to proportions that are virtually impossible to manage without the proper tools.
"These are system accounts and process accounts that run a variety of system settings and security settings," says Jim Harvey, VP Northern Europe at Thycotic. "We have customers that have service accounts that they haven't seen, haven't changed passwords on them, that are older than their children. This solution will tell you what the service account is, how long it's been in operation, when it last had a password change. It also will allow you to see the dependencies running off a particular account."
Thycotic's Account Lifecycle Manager enables comprehensive service account governance by automating the entire lifecycle of accounts, with workflows, automated provisioning, governance, compliance, and decommissioning capabilities. Service account requests follow approval workflows tailored to each organization's specific needs. IT teams can seamlessly control service accounts and mitigate the risk of breaches, service interruptions and human error.
"You can bring existing accounts under control, but also now create the whole lifecycle of an account as part of your privileged account management policy," adds Harvey. "You can set hard to crack passwords but you can also say that, for example, an account only needs to exist for two months. You can also ensure that whenever an account is accessed the password is rotated and that its usage gets logged. At the end of the two months the account will be decommissioned, all without human interaction."
You can find out more and try the Account Lifecycle Manager for free on the Thycotic site.