Privileged account
Privileged account
(also administrative account, privileged user account, superuser account)
Privileged account definition
A privileged account is a user account with elevated permissions granting access to critical systems, data, and resources within an organization’s network. This type of account enables users to perform administrative tasks, such as installing or removing software, modifying system settings, creating or deleting users, and managing network permissions. Nevertheless, due to their extensive access, privileged accounts pose a considerable security risk if compromised by attackers, who may exploit them to gain unauthorized access to sensitive data or disrupt operations.
See also: two-factor authentication, administrative privileges
Privileged account examples
- System administrator: A user with authority to manage and maintain an organization’s computer systems, including installing software, applying updates, and configuring network settings.
- Database administrator: A user responsible for managing and maintaining an organization’s databases, including creating, updating, and backing up data.
- Network administrator: A user responsible for managing and maintaining an organization’s network infrastructure, including routers, switches, and firewalls.
Managing privileged accounts
- Implement the principle of least privilege, granting users only the minimum permissions necessary to perform their duties.
- Regularly review and audit privileged account activities to identify any unauthorized access or potential misuse.
- Enable multi-factor authentication (MFA) for privileged accounts to add an extra layer of security.
- Use a privileged access management (PAM) solution to centralize and secure the management of privileged accounts.