When you have several users who decide to share their credentials out of convenience, how do you respond? You might educate them and possibly offer a remedy that replaces the shared credentials with a secure solution that offers the convenience they were seeking.
As an IT service provider, your focus is often heavily on what the client environment needs in order to run smoothly and be secure. Your clients rely on you to provide the resources and security necessary to run their business.
It is easy to see that a shift needs to be made when users are sharing credentials. What is good for your clients is good for you too. Aim to suit your actions to your words.
One area that got missed as the landscape changed for IT service providers and security became a focus is how your techs are accessing your clients. It got missed because your need cannot be addressed by enterprise-level solutions geared for single domains. This type of solution does not scale well when your need encompasses servicing multiple unrelated domains. For many years, this left IT providers doing the best they could with what they had.
Big changes in the area of cyber security have been mounting. What was acceptable is becoming not enough. Government and medical verticals have required more comprehensive security policies for some time. Some of these same standards are now coming to insurance policies. The insurance industry is quickly changing the minimum standard of doing business.
How does zero trust with accounts relate to this? Insurance policies are now coming with questionnaires.
☐ implementation of MFA (with fidelity)
☐ meet PCI requirements
Both of these implementations mean that an account belongs to a person and is not shared or accessed by others. It is not enough to implement a tool to manage privileged access unless you are creating individual accounts for your techs and they only have access to their individual accounts.
Does creating and managing individual accounts for your techs sound like a substantial time investment without automation?