Every environment contains a large number of what I call “non-human” accounts: accounts for services and scheduled tasks, accounts that applications use to access database servers, and accounts that scripts use to log on to other servers.
These non-human accounts create all kinds of risks and management burdens. Non-human accounts:
- Tend to be highly privileged and are therefore a prime target for attackers
- Frequently have the same password set on other systems, making it easy for attackers to extend their lateral movement from one compromised host to the next
- Tend to stick around after they are no longer needed, because nobody is sure they are unused and nobody wants to break something by deleting them
- Are a burden and a risk in terms of passwords:
  - Periodic password changes are easy to get wrong: miss one place where the password is stored (a service definition, a scheduled task, a config file) and something breaks
  - Admins leave the organization still knowing the password, and it is rarely changed when they do
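The first step in managing any of this is knowing which non-human accounts you actually have. The following PowerShell inventory is an added example, not code from the original post or the webinar it points to: it lists the Windows services and scheduled tasks on the local host that run under something other than a built-in machine identity, grouped by account so that one account used in many places stands out. The list of built-in identities to ignore is an assumption and may need extending for your environment.

```powershell
# Added example (not from the original post): inventory services and scheduled
# tasks on this host that run as "non-human" accounts rather than built-in
# machine identities. Run in an elevated PowerShell session on Windows.

# Assumption: identities treated as built-in and excluded from the report.
# Win32_Service reports e.g. 'LocalSystem' / 'NT AUTHORITY\LocalService';
# scheduled task principals report e.g. 'SYSTEM' / 'LOCAL SERVICE'.
$builtin = @(
    'LocalSystem', 'SYSTEM', 'NT AUTHORITY\SYSTEM',
    'LocalService', 'LOCAL SERVICE', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\LOCAL SERVICE',
    'NetworkService', 'NETWORK SERVICE', 'NT AUTHORITY\NetworkService', 'NT AUTHORITY\NETWORK SERVICE',
    'Users', 'INTERACTIVE', 'Everyone'
)

function Test-NonHumanAccount([string]$Account) {
    # Empty principal, built-in identity, or a virtual 'NT SERVICE\...' account
    # is not what we are looking for.
    if ([string]::IsNullOrWhiteSpace($Account)) { return $false }
    if ($builtin -contains $Account)          { return $false }
    if ($Account -like 'NT SERVICE\*')        { return $false }
    return $true
}

# Windows services: StartName is the account the service logs on as.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-NonHumanAccount $_.StartName } |
    Select-Object @{n='Type';    e={'Service'}},
                  @{n='Name';    e={$_.Name}},
                  @{n='Account'; e={$_.StartName}},
                  @{n='State';   e={$_.State}}

# Scheduled tasks: Principal.UserId is the account the task runs as.
$tasks = Get-ScheduledTask |
    Where-Object { Test-NonHumanAccount $_.Principal.UserId } |
    Select-Object @{n='Type';    e={'ScheduledTask'}},
                  @{n='Name';    e={$_.TaskPath + $_.TaskName}},
                  @{n='Account'; e={$_.Principal.UserId}},
                  @{n='State';   e={$_.State}}

$inventory = @($services) + @($tasks)

# Group by account: an account that appears under many names, or on many
# hosts once you merge reports, is the one whose password reuse matters most.
$inventory | Group-Object Account | Sort-Object Count -Descending |
    ForEach-Object {
        "`n== $($_.Name) ($($_.Count) uses)"
        $_.Group | Sort-Object Type, Name | Format-Table Type, Name, State -AutoSize | Out-String
    }
```

This only covers one host and only services and scheduled tasks; the password-reuse risk in the list above is about the same account configured on many hosts, so the reports have to be collected fleet-wide (for example via `Invoke-Command` against a list of servers) and merged before grouping by account tells you anything. Accounts embedded in application configuration files and connection strings do not show up here at all and need a separate search.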
Read more at: Webinar – 10 Ways to Secure and Manage the Risk of Service Accounts and Other Non-Human Accounts
