The system is near end of life

What do you do if you need to remediate a privileged account which support a system which is about to be retired, upgraded or is in the process of migrating to the cloud?

There may be scope to remediate the account, however by the time you make the change, the system may already have been removed or upgraded and the problem has been resolved. So you may have spent months and a small fortune trying to fix a problem that no longer exists.

On this scenario, there is obviously a balance to be struck between the urgency to fix a problem and the reality that your investment will have been wasted.

Sometimes it may be pragmatic to accept the short term risk, but making sure that you do what you can to mitigate the risk.
  • review and remove unnecessary privileges (e.g. service account are often installed with elevated privileges)
  • restrict access to the account
  • make the account non-interactive
  • monitor and alert for unusual activity