Break Glass Accounts: Best Practices for Emergency Access in Privileged Account Management
Controlling access to critical systems is paramount in today’s digitally driven organizations. Identity and Access Management (IAM) and Privileged Access Management (PAM) solutions are crucial in safeguarding sensitive information and infrastructure. However, there are scenarios where these security measures might inadvertently prevent authorized personnel from accessing vital systems — potentially impacting operations, customer experiences, and even cybersecurity responses.
Enter the concept of “break glass” accounts: specially designed emergency accounts that provide a secure bypass to normal access controls during critical situations. This blog post explores the importance of break glass accounts, how they function, and best practices for implementing them effectively.
What Are Break Glass Accounts?
Break glass accounts are highly privileged, pre-staged accounts reserved for emergency scenarios where standard access methods are unavailable or insufficient. The term “break glass” originates from breaking the glass in an emergency to access a fire alarm. These accounts act as a last resort in IT to regain access to critical systems when regular authentication mechanisms fail.
Why Are Break Glass Accounts Important?
Several situations necessitate the use of break glass accounts:
- System Outages: Downtime or maintenance of IAM/PAM tools can block regular authentication processes.
- Network Failures: Issues like network outages or Distributed Denial of Service (DDoS) attacks can render authentication services inaccessible.
- Federation Service Failures: If federated identity providers experience issues, users may be unable to authenticate.
- Administrative Lockouts: Misconfigured policies or forgotten credentials can lock administrators out of essential systems.
- Cyberattacks: Attackers might exploit security controls to prevent defenders from accessing compromised systems.
- Natural Disasters: Emergencies can disrupt communication networks, hindering multi-factor authentication (MFA) methods reliant on mobile devices.
In such critical moments, break glass accounts ensure authorized personnel can swiftly regain access to systems to address emergencies, maintain business continuity, and mitigate security risks.
Best Practices for Creating Break Glass Accounts
- Establish Multiple Accounts: Create at least two break glass accounts for redundancy. If one account is compromised or inaccessible, the other is a backup.
- Use Cloud-Only Accounts: Avoid linking break glass accounts to on-premises directories to reduce dependencies and potential vulnerabilities from local systems.
- Default Domain Usage: Utilize the default domain (e.g., *.onmicrosoft.com) for these accounts to prevent issues if custom domains become unavailable.
- Standard Naming Conventions: Apply regular account naming conventions to avoid drawing unnecessary attention that could make the accounts targets for malicious actors.
- Strong, Complex Passwords: Generate long, complex passwords (up to 256 characters if possible) and store them securely. Limit access to these credentials to a small, trusted group of administrators.
- Robust Authentication Methods: Protect accounts with strong MFA solutions. Hardware security keys like FIDO2 devices offer passwordless and phishing-resistant authentication, enhancing security.
- Exclude from Regular Policies: Exclude break glass accounts from standard conditional access and MFA policies to ensure they remain accessible during emergencies.
- Implement Dedicated Security Policies: Apply specific conditional access policies to break glass accounts, enforcing stringent authentication requirements and session controls.
Best Practices for Maintaining Break Glass Accounts
- Secure Storage of Credentials: Store account credentials in secure, fireproof locations accessible only to authorized individuals. Consider splitting passwords into parts and storing them separately for added security.
- Regular Monitoring: Continuously monitor sign-in and audit logs for any activity involving break glass accounts. Set up alerts to notify administrators of usage, ensuring that accounts are used appropriately.
- Periodic Testing: Regularly test the accounts (e.g., every 90 days) to verify that they function correctly and that the access procedures work as intended.
- Comprehensive Documentation: Document all aspects of the break glass accounts, including creation procedures, storage methods, and access protocols. Keep this documentation in a secure location alongside the credentials.
- Limited Access Awareness: Only a select group of trusted personnel should know about break glass accounts’ existence and usage procedures to minimize the risk of misuse.
- Stay Updated on Security Practices: Keep abreast of the latest security developments and adjust your break glass account policies accordingly to maintain optimal security.
Implementing Break Glass Accounts Effectively
- Assign Clear Ownership: Designate an emergency account manager responsible for overseeing the distribution and use of break glass accounts.
- Establish Access Procedures: Define clear protocols for how and when these accounts can be accessed, including identification requirements and auditing processes.
- Use Secure Authentication Devices: Store authentication devices, like hardware tokens or security keys, in secure locations accessible during emergencies.
- Monitor and Audit Usage: Implement systems to track the usage of break glass accounts, ensuring that any access is logged, justified, and reviewed.
Conclusion
Break glass accounts are critical to a robust security strategy, providing a safety net when standard access controls fail or are insufficient. By following best practices in creating, securing, and maintaining these accounts, organizations can ensure they are prepared for emergencies without compromising overall security.
Implementing break glass accounts requires careful planning and ongoing management, but business continuity and risk mitigation benefits are significant. By proactively establishing these emergency access measures, organizations position themselves to respond effectively to unforeseen challenges while maintaining the integrity of their security posture.
