As more services adopt single sign-on (SSO), we're trying to establish procedures for managing physical records of emergency local logins. Previously, we didn't have any protocols, but we've drafted a few ideas, like storing copies in different locations and conducting regular checks. I'm curious if anyone has additional suggestions or best practices for this process?
3 Answers
In our organization, we have a 'Break-Glass' procedure for handling Azure accounts. The login information is securely stored at our corporate office and is exempt from SSO, which makes it more accessible when needed. We also have a monitoring system with our SOC to get alerts for any activity on these accounts. To ensure everything functions properly, we test these accounts every couple of months.
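For anyone building the SOC monitoring and testing side of the break-glass procedure described in this answer, here is an added example (not code from the original post or from any vendor) of the two checks involved: alert on every sign-in by a break-glass account, distinguishing the ones that land inside a scheduled test window, and report accounts that have not been successfully exercised within the test cadence. The account names, sign-in records, test window and dates are all constructed placeholders, and the record fields are only loosely modelled on cloud sign-in logs.

```python
"""Added example (not from the original thread): flag any sign-in by a
break-glass account and check that each account has been tested recently.
Account names, log records, window and dates are constructed placeholders."""
from datetime import datetime, timedelta, timezone

# Constructed: the break-glass accounts this rule watches (hypothetical names).
BREAK_GLASS_ACCOUNTS = {"breakglass1@example.com", "breakglass2@example.com"}

# Constructed: maximum days between tests (the answer says "every couple of months").
MAX_DAYS_BETWEEN_TESTS = 90

# Constructed sample sign-in records, loosely shaped like sign-in log fields.
SAMPLE_SIGNINS = [
    {"time": "2024-03-04T09:12:00Z", "upn": "breakglass1@example.com",
     "result": "success", "ip": "203.0.113.10"},
    {"time": "2024-03-04T09:15:00Z", "upn": "alice@example.com",
     "result": "success", "ip": "203.0.113.11"},
    {"time": "2024-03-20T02:41:00Z", "upn": "breakglass2@example.com",
     "result": "failure", "ip": "198.51.100.7"},
]

# Constructed: scheduled test windows during which a sign-in is expected.
TEST_WINDOWS = [("2024-03-04T09:00:00Z", "2024-03-04T10:00:00Z")]


def parse_time(s):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def in_test_window(ts, windows):
    """True if ts falls inside any scheduled test window."""
    return any(parse_time(a) <= ts <= parse_time(b) for a, b in windows)


def review_signins(records, accounts=BREAK_GLASS_ACCOUNTS, windows=TEST_WINDOWS):
    """Return one alert per break-glass sign-in, successful or failed.

    Sign-ins inside a scheduled test window are labelled 'expected-test' so the
    SOC can close them quickly; everything else is 'unexpected' and needs a human.
    """
    alerts = []
    for r in records:
        if r["upn"].lower() not in accounts:
            continue
        ts = parse_time(r["time"])
        kind = "expected-test" if in_test_window(ts, windows) else "unexpected"
        alerts.append({"upn": r["upn"], "time": r["time"], "result": r["result"],
                       "ip": r["ip"], "kind": kind})
    return alerts


def check_test_cadence(records, now, accounts=BREAK_GLASS_ACCOUNTS,
                       max_days=MAX_DAYS_BETWEEN_TESTS):
    """Return the accounts with no successful sign-in in the last max_days,
    i.e. the stored credentials that have not recently been proven to work."""
    last_ok = {}
    for r in records:
        upn = r["upn"].lower()
        if upn in accounts and r["result"] == "success":
            ts = parse_time(r["time"])
            if upn not in last_ok or ts > last_ok[upn]:
                last_ok[upn] = ts
    cutoff = now - timedelta(days=max_days)
    return sorted(a for a in accounts if a not in last_ok or last_ok[a] < cutoff)


if __name__ == "__main__":
    for alert in review_signins(SAMPLE_SIGNINS):
        print("ALERT", alert)
    stale = check_test_cadence(SAMPLE_SIGNINS, now=parse_time("2024-06-01T00:00:00Z"))
    print("accounts overdue for a test:", stale)
```

Note that the failed sign-in is alerted just like the successful one: a failed attempt against a break-glass account is exactly the kind of activity the SOC should hear about, since the account is otherwise never used outside scheduled tests.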
Why not just stick some notes under each server? Just kidding! In all seriousness, we have a fireproof vault with envelopes containing all critical login credentials, along with a secure spreadsheet for IT. Whenever there’s a change in admin staff, we update everything to keep it secure.
Make sure this process aligns with your Business Continuity and Disaster Recovery plans (BCDR). Some companies keep their backup credentials in highly secure physical locations, like a safe deposit box that needs multiple keys to access. It's also essential that your recovery plans don't rely on systems that might fail during emergencies—like if you use specific services to authenticate. Always assume that you can’t rely on anything working and ensure you have a paper copy of your procedures available.

That makes sense! We have similar procedures in place, and I find that regular testing really puts my mind at ease. It's crucial to ensure those backups are reliable.