A Break Glass Access Control System is a concept that originates from emergency alarms, such as fire alarms guarded by “break glass” stations. These stations secure an alarm lever or button behind glass to ensure use only during extreme emergencies. It is important to note that the alarm cannot be “turned off” without physically removing and replacing a component in the station.
In computing, “break glass” refers to a technique used to access a system in urgent conditions for bypassing standard security measures.
This article will explore Break Glass Access Control Systems by covering the following topics:
What is a Break Glass Access Control System?
Access control models are typically very rigid, so permissions based on a specific policy rarely change. However, in many cases, it is necessary for access control, or the underlying policy, to provide additional flexibility. This applies especially to health care and disaster management industries.
In such contexts, break glass is one strategy for providing flexible policy assistance to prevent system stagnation that could endanger lives or cause other losses.
A Break Glass Access Control System refers to a quick and simple way for someone, who has the correct access privileges, to access restricted data in an emergency. Break glass procedures must be created, documented, implemented, and tested in systems that store electronically protected sensitive information. These procedures are necessary so that in the case of an emergency it is possible to gain necessary access to this critical information.
It is crucial that break glass control procedures are well-documented and easily understood; so that there is a clear policy for facilitating alternative and/or manual access to data.
For more information read about:
The 3 Parts of a Break Glass Access Control Process
There are three essential parts to address before implementing a break glass access control solution:
1. Create Virtually Secure Emergency Accounts in the Cloud
You can initiate a break glass operation with as little as two emergency accounts in the cloud. The emergency accounts should not be connected to any local systems and the credentials should be shared with only those authorized to use break glass access.
2. Establish Password Security
One way to increase password security is to split your emergency access account password into at least two parts and store them in separate fireproof safes. Then if a break glass scenario occurs, an administrator with the credentials can reconnect the two halves.
3. Set Initial Configuration Options
You should allocate permanent global administrator roles to several well-trusted individuals within the organization. Further, you should ensure that all administrations use multi-factor authentication (MFA). However, the MFA should not be required for break glass accounts if the employees with break glass privileges only have access to their own devices.
Examples of Break Glass Access Control
Here are some examples of typical break glass access control scenarios:
- MFA Required Accounts: In this example, administrators require MFA to gain access to a new set of privileges. The verification is via either phone or text message; however, due to a cellular network outage, this is not possible. If the company has authentication override mechanisms, the system administrator can start “breaking the glass” and enable the necessary roles.
- Privileged Account Management (PAM): Ordinarily, privileged administrator credentials are stored in an encrypted vault within a PAM system. However, there are several situations in which losing access to the vault might make retrieving credentials for administrative accounts difficult. Emergency break glass protocols are in place if the sole system administrator who can access the password vault leaves the company or a DDoS assault prevents anyone from logging in.
- Emergency ePHI access: Credentials for ePHI accounts that are lost or stolen might delay or even prevent emergency treatment. A break glass method allows an unprivileged or visiting caregiver to access a restricted account and provide the necessary treatments.
Break Glass Access Control Best Practices
To leverage break glass access control to your organization’s advantage, there are some best practices you can follow:
Require MFA in Most Cases
You should implement MFA for all users to limit the chance of an attack originating from a compromised password. However, there should be break glass authentication overrides that are not dependent on phone or text MFAs.
At Least One Non-Conditional Access Account
There should be at least one account with emergency access that is exempt from all conditional access rules. This will ensure that there is at least one access point during an emergency.
Keep Your Account Credentials Secure
Organizations should ensure that only authorized personnel can access emergency access account credentials.
As mentioned earlier, a password for an emergency access account is usually broken up into two or three parts and maintained in secure, fireproof safes located in secure places that are separate from one another.
If you choose to implement password protection, be sure to use strong, randomly generated non-expiring passwords that are at least 16 characters long.
Keep an Eye on Audit Records and Sign-in Activity
In an emergency, companies should keep tabs on who signs in and what they do once logged in and alert the appropriate people in charge. You can monitor break glass accounts to ensure they are only used for testing and actual situations.
Federation Guidance
It is important to keep the emergency access to on-premises systems and the emergency access to cloud services separate and independent. In the event of a system outage, it is not worth the extra risk introduced by mastering or sourcing authentication for accounts with emergency access privileges from other systems.
Conclusion
Business continuity planning is based on preparing for and responding to disruptions in operations. Any difficulty, including losing access to a system or server, is just as bad. It is important to have a comprehensive recovery plan, and break glass access solutions are a key ingredient.
Satori provides easily implemented attribute-based access controls. Using Satori’s data fine-grained access control policies you can simply and easily implement a break glass access control system.
To find out more about Sator’s access control options: