Corporate executives live in constant fear of data breach scenarios which could leak sensitive assets out into the wild. But while headlines regarding elaborate cybercriminal operations may distract their attention, perhaps it would be better placed in establishing greater accountability for those whom have already been entrusted with the keys to the kingdom.

According to the latest research conducted by Enterprise Management Associates (EMA), more than half of global firms have cited regulating user access rights as their top compliance challenge. Part of the problem stems from unintended escalation of privileges as more users and devices are added to the company network. But perhaps the more serious threat revolves around the so-called "super-users" who are already vested with those privileges as a result of their IT administration duties.

Without a proper system of checks and balances, companies could open the door to everything from data compliance fines and lost revenue to brand damage and competitive disadvantage. In certain sectors, however, the fallout could be even worse. According to Beckers Hospital Review, incomplete or ineffective access control policies could cost providers access to crucial incentives and cost patients their rights to privacy.

Watching the watchmen
To make sure privileged account managers (PAMs) do not consciously or accidentally place corporate data in harm's way, executives must step in with a clear plan of action.

"Breaches do not discriminate; they can cause equally horrific damage to any organization, no matter how large or small," research collaborator Jackson Shaw explained. "It's time for companies to take note of the severe security risks posed by poor PAM practices, and seek out a comprehensive solution befitting the task."

According to EMA researchers, effective interventions begin by moving away from shared or unmanaged administrative access and toward individual accountability. Data security tools with robust policy management features can help reinforce these new organizational frameworks in several vital ways. Between role-based encryption rules and last resort recovery capabilities, companies have several digital solutions they can turn to when attempting to align policy with practice and protect information at all levels of the organization.

In addition to, or in conjunction with, this step, companies should also seek to reduce the complexity of PAM frameworks. As corporate networks become increasingly distributed and crowded with activity, it can be tempting to apply a web of ad-hoc controls just to keep pace. However, that strategy can quickly come back to bite a company as disparate IT systems and practices combine to create a virtually unmanageable ecosystem.

With fewer tasks and a more limited degree of power afforded to individual administrators, it becomes easier to retain the rule of least privilege and similar best practices as operations scale.