How to manage and secure administrator accounts

CSO Online | Mar 4, 2020

Administrator accounts have wide access to data and systems. Here’s how to protect them from abuse or compromise.

Copyright © 2020 IDG Communications, Inc.

Hello, this is Susan Bradley for CSO Online. Today, I'm going to talk about administrators: administrators to your network, administrators to your cloud network. Do you trust them? Maybe you shouldn't.

Recently, there was a story of an employee of a managed service provider that was selling access to the client base of that company. Scary thought, isn't it? He put out on a dark channel saying, "Hey, I can give you access to all of these people in this network." He told them exactly how to access the network and was going to charge 600 bitcoins for it. Not a lot of money for a lot of access.

Trusting administrators and outside consultants is a key part of the security chain these days. Many years ago I remember an article by Steve Riley, who at the time was a speaker on security for Microsoft. He was speaking at their security conferences at the time and asked attendees if they trusted their administrators. Astoundingly, the vast majority of the people in the room indicated they did not trust their administrators. He stated at the time, "If we can't trust the very people we hired to build and manage the mission-critical networks on which our businesses depend, we might as well unplug it and revert to the days of stone knives and bear skins." Administrators have access to the entire network and these days may even have access to cloud infrastructures as well. So you need a process for interviewing, investigating, hiring, monitoring and terminating an employee or consultant who has the role of this administrator.

Now, there's another administrative role that you may need to monitor: that of third-party software that has service account rights. When setting up third-party software in your Office 365 deployment, review what rights it's asking for. It may need another service account or special credential setup in order to work with multi-factor authentication. You may have to use conditional access to set up MFA bypass in order to use service accounts. When you work in small business, a consultant often has multiple employees handle the access for multiple clients. Administrator accounts for Office 365 do not cause additional licensing. In fact, Microsoft recommends that you set up at least five administrative accounts. Furthermore, they recommend that you limit the use of global administrator and set specific administrators for specific duties. For example, there's a new use of an authentication administrator that specifically handles the multi-factor authentication setup. Users with this role can set or reset non-password credentials and can update passwords for all users.

For those of you that work with Microsoft partners, remember that Microsoft is now mandating the use of multi-factor authentication in their partner ecosystem. Furthermore, Microsoft is changing the security defaults to mandate multi-factor for the following roles.

Global Administrator, SharePoint Administrator, Exchange Administrator, Conditional Access Administrator, Security Administrator, Helpdesk Administrator, Password Administrator, Billing Administrator, User Administrator, and the brand new Authentication Administrator.

While in small businesses we may have to deal with sharing these global administrator roles, in big businesses you obviously do not want to do that. You want to go down this list of the different administrative roles and assign specific people to them, and decide who is going to have the specific rights. Not everyone should have these rights.

And of course, since you should have an emergency account set up with no multi-factor in case there's an issue, you need to monitor its usage. There are several ways you can do it. You can do it with conditional access, or there's a different way that's recommended here in the KnowOps YouTube video. Here in the video, Dana showcases how you can set up the monitoring.

Bottom line these days: trust and verify your administrators. Don't just accept that they're doing it. Make sure you put in logging, make sure you put in tracking, make sure you have multi-factor, so that in case the bad guys piggyback on top of their access, you can block it. And then, of course, should that bad actor be the employee themselves, you can revoke their credentials. Until next time, this is Susan Bradley for CSO Online. See us online at the Tech Talk from IDG YouTube channel. Thanks again.