Break Glass Procedure: Break the Glass Credentials: Ensuring Emergency Access in Critical Scenarios

Break-Glass access refers to a mechanism or process that allows authorized individuals to gain immediate access to critical systems, applications, or sensitive information in emergency situations. It is typically used when normal access controls cannot be followed due to urgent circumstances or the unavailability of primary personnel responsible for managing those systems.

The term “Break-Glass” comes from the concept of breaking the glass of a protective case to access emergency equipment, such as a fire extinguisher. Similarly, in the context of technology and information security, Break-Glass access provides a way to bypass normal access controls and quickly address urgent situations.

Break-Glass access is often implemented with strict protocols and safeguards to ensure that it is used only when necessary and by authorized personnel. It is not meant for routine or everyday use, but rather for exceptional circumstances where immediate action is required to prevent significant disruptions or mitigate risks.

The specific implementation of Break-Glass access can vary depending on the organization and the systems involved. It typically involves predefined procedures, documented guidelines, and security measures to ensure accountability and minimize the potential for abuse or unauthorized access. Examples of situations where Break-Glass access may be necessary include when the primary system administrator is unavailable due to illness, injury, or other unexpected events.

Overall, Break-Glass access provides a contingency plan to address critical situations and ensure the continuity of operations, even when normal access controls cannot be followed. Its purpose is to strike a balance between providing immediate access in emergencies and maintaining the security and integrity of the systems and information involved.

In certain scenarios, particularly when dealing with a single system administrator, it becomes essential to establish a mechanism for accessing critical systems in emergencies. Break the Glass (BTG) credentials serve as a fail-safe measure, allowing authorized personnel to gain access to important resources when immediate action is required. In this blog post, we will explore the concept of BTG credentials, discuss their importance, and provide guidelines for implementing them effectively while maintaining security.

  1. Understanding the Need for Break the Glass Credentials:
    Break the Glass credentials are designed to address situations where the primary system administrator or key personnel are unexpectedly unavailable due to unforeseen circumstances. In such cases, having a predetermined emergency access mechanism ensures the continuity of critical operations and minimizes downtime. However, it is crucial to strike a balance between accessibility and security to prevent unauthorized access.
  2. Define Strict Access Protocols:
    Establish a well-defined access protocol for BTG credentials to maintain security. This includes clearly identifying who is authorized to access the emergency credentials and under what circumstances. Consider limiting BTG access to a select group of trusted individuals, such as senior team members or executives, who have undergone appropriate security training.
  3. Implement Two-Factor Authentication (2FA):
    To enhance the security of BTG credentials, require the use of two-factor authentication. This ensures that a second layer of verification is necessary to access the emergency accounts. Two-factor authentication can involve something the user knows (e.g., a password) and something the user possesses (e.g., a physical token or mobile device).
  4. Limit Access Privileges:
    Minimize potential risks by assigning limited access privileges to BTG accounts. Grant only the minimum necessary permissions required to perform emergency tasks. This reduces the chance of accidental or intentional misuse of the emergency credentials.
  5. Establish an Audit Trail:
    Maintain a comprehensive audit trail of all activities performed using BTG credentials. This enables monitoring and tracking of access, allowing for accountability and identifying any potential security breaches. Regularly review the audit logs to ensure compliance and detect any suspicious or unauthorized activities.
  6. Regularly Review and Update BTG Procedures:
    Review and update the BTG procedures periodically to reflect changes in personnel or systems. As employees join or leave the organization, ensure that access rights to BTG credentials are adjusted accordingly. Additionally, conduct regular drills or simulations to test the effectiveness of the BTG procedures and identify areas for improvement.
  7. Implement Time-Limited BTG Access:
    To further enhance security, consider implementing time-limited access for BTG credentials. Set expiration dates or implement mechanisms that automatically revoke BTG access after a specific period. This helps prevent prolonged, unauthorized access and ensures that emergency access remains a temporary measure.
  8. Maintain Secure Storage of BTG Credentials:
    Store BTG credentials in a secure manner, such as using an encrypted password management solution. Avoid sharing credentials through insecure channels like email or messaging platforms. Only authorized individuals should have access to the encrypted credentials repository, and strong access controls should be in place to protect it.
  9. Conduct Regular Security Training:
    Ensure that all authorized individuals who have access to BTG credentials undergo regular security training. This training should cover topics such as the importance of confidentiality, secure handling of credentials, and best practices for emergency access. By educating personnel, you minimize the risk of accidental or negligent security breaches.

Example Plan: https://gist.github.com/devuri/46d4a75616258fd5616cc0616e726e0b

Conclusion:
Break the Glass credentials serve as a vital safety net in critical situations, especially when a single system administrator is involved. By implementing strict access protocols, employing two-factor authentication, limiting privileges, maintaining audit trails, and conducting regular reviews and training, you can strike a balance between accessibility and security. Remember, the goal is to ensure that emergency access remains a controlled and temporary measure, minimizing disruption and maintaining the integrity.

AWS Whitepaper: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/break-glass-access.html

Break Glass Procedure: Granting Emergency Access to Critical ePHI Systems: https://hipaa.yale.edu/security/break-glass-procedure-granting-emergency-access-critical-ephi-systems

What is Break-Glass Access? https://www.ssh.com/academy/secrets-management/what-is-break-glass-access

https://www.beyondtrust.com/blog/entry/provide-security-privileged-accounts-with-break-glass-process