Using Break Glass Accounts for Better Disaster Recovery

What is a Break Glass Situation?

A break glass situation represents an emergency scenario requiring immediate action, similar to smashing the glass on a fire alarm to get instant help. In IT and cybersecurity, this translates to situations where urgent access to critical systems is necessary to restore normal operations. 

What are Break Glass Accounts?

Break glass accounts are reserved emergency access accounts that grant privileged access to IT systems during break-glass scenarios. These accounts are not for regular use but are crucial for troubleshooting, incident response, and ensuring swift recovery and business continuity during emergencies.

When to Use Break Glass Accounts?

Break glass accounts are used in urgent situations where standard access mechanisms are unavailable or compromised. Here are some scenarios where these accounts might be necessary: 

Common Use Cases for Break Glass Situations

1. System Failure or Interruption of Service 

During a system outage or failure, break glass accounts allow IT staff to access critical systems immediately, enabling prompt issue resolution without waiting for regular access methods to be restored. 

2. Unauthorized Access 

In the event of unauthorized access, these emergency accounts facilitate immediate investigation and containment of the threat, allowing damage assessment and implementation of necessary security measures to prevent further intrusion. 

3. Unavailability of Authorized Personnel 

If key personnel with administrative privileges are unavailable for any reason, break glass accounts ensure designated individuals can maintain business continuity and system maintenance.

4. Disaster Recovery  

Following a natural disaster, a cyber-attack, or any other catastrophic event, these accounts enable organizations to quickly restore critical services and data, facilitating a faster recovery process. 

5. Compliance and Auditing 

Break glass accounts may be necessary to meet regulatory requirements or audit standards. These accounts are closely monitored and audited to ensure they are only accessed in authorized emergency situations. 

6. Healthcare Scenarios  

In healthcare environments, these accounts can be used to access electronic health records in emergency medical situations, where immediate access to patient information is crucial for providing timely and effective care. 

7. Cloud Service Management 

During a DDoS attack targeting cloud services, break glass accounts can be used to access cloud management platforms, scale resources, and activate DDoS protection services. 

8. Network Fortification 

The emergency accounts provide alternative access to firewalls, intrusion detection/prevention systems, and network devices during network infrastructure attacks, enabling the implementation of defensive measures. 

Setting Up and Managing Break Glass Accounts with Sectona

Sectona PAM provides a robust solution for setting up and managing break glass accounts, ensuring they are secure and effective. Here’s how each aspect is handled: 

1. Setting Up Break Glass Accounts 

 

  • Primary and Satellite Vaults: Sectona PAM stores credentials in a primary vault and can replicate them in a satellite vault. The satellite vault is an offline copy that synchronizes credentials by replicating them whenever changes occur. 
  • Role-Based Access Control (RBAC): The PAM solution allows the setup of break glass scenarios where two people must agree before emergency access is granted, ensuring no single point of failure exists. 
  • Unique Profile Keys: Satellite vault authentication is linked with unique profile keys generated during user creation, enhancing security during break glass scenarios. 

 

2. Managing Break Glass Accounts 

 

  • Access Restriction: Limit the use of break glass accounts to a small group of highly privileged users and ensure access is available only for a limited period. 
  • Usage Monitoring: Closely monitor the use of break glass accounts, recording privileged user behaviour for forensic follow-up and auditing. 
  • Policy Documentation: Document the requirements and procedures for using break glass accounts as part of your cybersecurity policy. 
  • Regular Testing: Regularly test the use of break glass accounts as per your incident response plan to ensure they work effectively during an actual emergency. 
  • Disabling After Use: After a break glass account is used, disable or delete it to prevent misuse or unauthorized access. 
  • Avoiding Single Points of Failure: Modern PAM solutions like Sectona are designed for high availability, using multiple servers in a clustered environment to provide automatic failover and continuous access to secrets, even during catastrophic emergencies. This ensures that break glass processes are resilient and reliable. 
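The controls above (two-person agreement, limited access period, usage monitoring, disabling after use) can be checked together in an audit pass over authentication events. The following is an added example, not Sectona's code or API; the account names, record fields, sample data and the 4-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumption: emergency grants expire 4 hours after approval.
GRANT_TTL = timedelta(hours=4)

# Constructed approval records (hypothetical field names).
GRANTS = [
    {"account": "bg-admin-01", "requester": "alice", "approvers": ["bob", "carol"],
     "approved_at": datetime(2024, 5, 1, 2, 0)},
    {"account": "bg-admin-02", "requester": "dave", "approvers": ["dave", "erin"],
     "approved_at": datetime(2024, 5, 1, 3, 0)},  # requester approved own request
]

# Constructed event log: (timestamp, account, action).
EVENTS = [
    (datetime(2024, 5, 1, 2, 10), "bg-admin-01", "login"),
    (datetime(2024, 5, 1, 3, 5), "bg-admin-02", "login"),
    (datetime(2024, 5, 1, 9, 0), "bg-admin-01", "login"),     # after grant expiry
    (datetime(2024, 5, 1, 9, 30), "bg-admin-01", "disabled"),
    (datetime(2024, 5, 2, 1, 0), "bg-admin-03", "login"),     # no grant on record
]

def grant_is_valid(grant):
    """Two distinct approvers are required, neither being the requester."""
    independent = set(grant["approvers"]) - {grant["requester"]}
    return len(independent) >= 2

def covering_grant(account, ts, grants):
    """Return the valid grant whose time window covers this login, if any."""
    for g in grants:
        if (g["account"] == account and grant_is_valid(g)
                and g["approved_at"] <= ts <= g["approved_at"] + GRANT_TTL):
            return g
    return None

def audit(events, grants):
    """Flag uncovered logins and accounts left enabled after use."""
    findings, open_use = [], {}
    for ts, account, action in sorted(events):
        if action == "login":
            if covering_grant(account, ts, grants) is None:
                findings.append((ts, account, "login without valid dual-approved grant"))
            open_use[account] = ts
        elif action == "disabled":
            open_use.pop(account, None)
    for account, ts in sorted(open_use.items()):
        findings.append((ts, account, "not disabled after use"))
    return findings
```

Running `audit(EVENTS, GRANTS)` on the sample data reports the self-approved login, the login after expiry, the login with no grant, and the two accounts that were never disabled.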

Break glass accounts are a vital component of disaster recovery and incident response strategies. Implementing and managing these accounts with solutions like Sectona PAM can enhance your organization’s resilience against outages, breaches, and other disastrous events. By following best practices for setting up and managing break glass accounts, you can ensure they are used securely and efficiently, minimizing risks and maintaining operational integrity during critical situations.