Service Account Lifecycle
Service accounts are challenging to manage for any organization. Unlike normal user accounts they generally are not directly owned by an individual. Good practices put a sponsor in place for a service account normally identified as an ambiguous piece of data in the account information, but what happens when things change as they inevitably do.
Like non-employees, service accounts have a distinct lifecycle with a start and an eventual end, they also have relationships with other people and things. Some service accounts are considered more risky than others and that risk should create conditional actions in the lifecycle. All of your service accounts should also go through good governance practices and have regular attestations. All of these things are similar to good business practices in managing non-employees.
Things that service accounts should have that are business considerations, not account considerations.
1. Audit-able lifecycle process
- A well defined process for executing the request process around service accounts.
2. Relationship management
- Sponsor, or group sponsor assignment
- Sponsor change process
- Relationship to application(s)
3. Risk evaluation
- Ties to application criticality or data sensitivity, service accounts or bots should be categorized for organizational risk.
4. Governance by sponsorship
- Define who will attest and when. This information should be what feeds your identity governance platform
In the end managing an account with IT type of account practices is never as effective as managing the account with a well-defined business process that takes into account business relationships and risks.
If this is a challenge faced by your organization you aren’t alone, fill out our contact us form and we will tell you all about how best-in-class companies have leveraged our non-employee risk and lifecycle management tools to get full control of service account lifecycle.