Administrative sprawl refers to the granting of unnecessary administrative permissions to resources. Controls are often put in place to grant a user the elevated permissions needed to access the appropriate resources and perform their job. However, as job responsibilities or personnel shift, these controls are left in place. This poses a threat to an organization’s security. Leaving legitimate user accounts with unnecessary admin permissions increases the potential of an account takeover. Some of these unsupervised administrative accounts may, in turn, grant access to other users.
Identity sprawl can create these problems as well. Unlike administrative sprawl, identity sprawl refers to too many people in the organization having too many accounts, each with different usernames and passwords. The difficulty lies in tracking and monitoring these accounts.
To protect against these potential risks to an organization’s security posture, there should be documentation, policies and scheduled monitoring.
- Review all user accounts and revoke unnecessary access.
- Deploy the principle of least privilege. No user should have more access than is needed to perform their job.
- Control and limit the number of elevated accounts per user.
- Consider adding automated processes to assist with controlling user access. This might include deploying just-in-time access. This type of access control is time-limited, so elevated access expires instead of remaining in place.
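The review steps above can be run as a scheduled check over an inventory of elevated grants. The following is an added example, not part of the original article: the inventory format, the account names, the 90-day threshold and the one-account limit are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NOW = datetime(2024, 6, 1, 9, 0)      # fixed review time so results are repeatable
MAX_UNUSED = timedelta(days=90)       # assumed threshold for "no longer needed"
MAX_ELEVATED_PER_PERSON = 1           # assumed policy limit

# Constructed sample inventory: one row per elevated grant.
# expires=None means a standing grant with no time limit.
GRANTS = [
    {"person": "alice", "account": "alice-adm", "role": "db-admin",
     "last_used": datetime(2024, 5, 30), "expires": datetime(2024, 6, 1, 12, 0)},
    {"person": "bob", "account": "bob-adm", "role": "domain-admin",
     "last_used": datetime(2023, 11, 2), "expires": None},
    {"person": "bob", "account": "bob-adm2", "role": "backup-admin",
     "last_used": datetime(2024, 5, 20), "expires": None},
    {"person": "carol", "account": "carol-adm", "role": "db-admin",
     "last_used": None, "expires": datetime(2024, 3, 1)},
]

def audit(grants, now=NOW):
    """Return (subject, detail, finding) tuples for grants that need review."""
    findings = []
    accounts_by_person = defaultdict(set)
    for g in grants:
        if g["expires"] is not None and g["expires"] <= now:
            continue  # time-limited grant already lapsed; nothing to revoke
        accounts_by_person[g["person"]].add(g["account"])
        # Unused elevated access is a candidate for revocation.
        if g["last_used"] is None or now - g["last_used"] > MAX_UNUSED:
            findings.append((g["account"], g["role"], "UNUSED"))
        # Standing access is a candidate for conversion to just-in-time access.
        if g["expires"] is None:
            findings.append((g["account"], g["role"], "STANDING"))
    # Enforce the per-person limit on elevated accounts.
    for person, accounts in sorted(accounts_by_person.items()):
        if len(accounts) > MAX_ELEVATED_PER_PERSON:
            findings.append((person, ",".join(sorted(accounts)), "EXCESS_ACCOUNTS"))
    return findings

if __name__ == "__main__":
    for subject, detail, finding in audit(GRANTS):
        print(f"{finding:16} {subject:10} {detail}")
```
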
Managing administrative sprawl is essential to the overall security posture of an organization. Having policies and procedures in place contributes to a secure work environment.