<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">
Curious about how StrongDM works? 🤔 Learn more here!
Search
Close icon
Search bar icon

Break Glass Explained: Why You Need It for Privileged Accounts

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

Identity and access management (IAM) and privileged access management (PAM) are critical security tools for modern organizations. However, they can sometimes bar users from accessing critical systems and services, potentially impacting production, customer experience, and cybersecurity. In urgent cases, a method of bypassing normal security controls to regain access—called “break glass”—is needed. In this post, we’ll walk you through the break-glass process—what it is, why it’s important, and how to execute it.

What Is Break Glass?

Break glass refers to a method of bypassing security controls that normally guard a system or service. The term “break glass” is a reference to someone breaking a glass stopper to pull a fire alarm. In some situations, a user may be unable to gain authorized access as they normally would.

Examples include a data breach, security tool-tool failure, or lockout due to a forgotten password. Break glass will allow them to circumvent their organization’s IAM or PAM solution and regain access. A dedicated, pre-staged break-glass user account is created as a backup for emergency situations. 

The break-glass account is highly privileged, as it allows access to critical systems, such as root accounts. Break-glass accounts are typically monitored, tested, documented, and managed to prevent inappropriate use. Break-glass credentials have a limited lifespan to restrict use to emergencies or other unusual events and avoid mishandling.

The Importance of Break Glass

PAM and multi-factor authentication (MFA) involve rigid rules designed to say “No” to unauthorized users or cyber attackers. But these security controls can also lock out benign users, potentially hurting business continuity and emergency response. 

In some cases, attackers can leverage an organization’s security controls to thwart the threat responders trying to catch them. In some industries, such as healthcare or disaster management, a security lockout may put lives or property at risk. For these and other reasons, break glass is a must-have backup measure. 

Break glass may provide crucial recourse in cases where break-glass access is the only route back into systems and applications, like the following:

  • The organization’s PAM tool is unavailable due to downtime or maintenance. 
  • The PAM tool’s normal authentication process fails because the server is down. 
  • MFA is unavailable because of a network outage. 
  • Cyberattack. For example, a DDoS attack can prevent anyone from logging in. 
  • PAM or MFA safety feature locks out a user for typing the wrong password too many times. 
  • A user may lock himself/herself out of a tenant with conditional access policies. 
  • Failure of federation services. 
  • A service outage. 

IAM and PAM deployments are critical for security. So is a backup method to bypass them in urgent or unexpected situations. Organizations should look for solutions like StrongDM that combine secure IAM and PAM tools with the ability to allow for emergency break-glass access. 

Break Glass Process Overview

A break-glass process features several well-defined steps to enable break-glass access when needed. The process is pre-planned, managed, and audited to prevent abuse and quickly return to normal access controls afterward. 

An organization must first determine who will be allowed emergency break-glass access and under what circumstances. They must then create pre-staged break-glass accounts with global admin rights, exempt from normal access controls like MFA. These accounts should not be connected to any other systems. 

A rule of thumb is to set up one break-glass account per platform. Some cybersecurity experts recommend adding a second break-glass account—a backup for the backup—to be on the safe side. These emergency user accounts are managed and distributed to ensure quick availability with minimum administrative delay. 

Who ultimately guards break-glass accounts? A best practice is to assign the role of an emergency account manager to someone available during operating hours. This individual distributes the accounts with a sign-out method requiring identification from the requestor.

In the event of an emergency, the break-glass procedure typically looks like this: 

  1. A user requests break-glass access to an account they are locked out of. Perhaps a service outage has occurred, a DDoS attack is preventing log in, or they are not normally authorized to access the account, for example. 
  2. The emergency account manager receives notification that the break glass process has begun. Their pre-approval may or may not be necessary for the requester to obtain the username and password for the emergency account. In all cases, the account manager will normally request an acceptable form of identification from the requester and record it for auditing purposes.
  3. The requester gains account access.
  4. The whole procedure is monitored for later auditing. The use of the emergency account should be reviewed for inappropriate or suspicious activity. During clean-up, the account used should be deleted or disabled, and new account credentials created. 

The ideal break-glass procedure may depend on an organization’s IT environment. For example, those operating solely on-premises may store emergency credentials on a hardware key, such as a Yubikey, kept inside a physical vault for extra security. 

On the other hand, those based primarily in the cloud may temporarily remove Service Control Policies (SCPs) in emergencies. This lets users use the cloud provider’s console to access machines.

Why Tools in Your Security System Need To Support Break Glass

IAM and PAM are crucial for security. But when they prevent users from accessing critical systems or services, they can negatively impact production, customer experience, and, ironically, cybersecurity response. For these and other reasons, organizations must choose tools for their security system that support break glass. 

Speed is everything when there is a breach. Getting into a compromised system in time to thwart an attack can spare companies huge costs and loss of reputation. Likewise, problems with software running in production can seriously impact customer experience. Developers are pressed to troubleshoot and conduct incident investigations on the fly to keep things running smoothly. Something as basic as authenticating their identities should not be a barrier. 

A reliable break-glass plan provides a quick way around IAM- and PAM-related problems and helps developers and threat responders stay on top of their game, no matter what. And that requires security and authentication tools like StrongDM, with the openness and flexibility to support a frustration-free break-glass procedure from start to finish. 

StrongDM Break Glass Scenarios

StrongDM is a proxy that combines authentication, authorization, networking, and observability into a single product. As such, it simplifies access security, authentication, and auditing for your workflows. As a comprehensive solution, StrongDM also enables emergency break-glass access when necessary. In fact, with StrongDM, the whole break-glass process requires just a few simple steps. 

The process involves creating accounts for a break-glass scenario, protecting those accounts, and closely monitoring access to them. Here’s how it’s done, step by step:

  • Create local break-glass accounts on the end resource.
  • Store them in a vault (preferably one that requires at least two people to access or uses Shamir Secret Sharing).
  • Alert on access to the accounts outside of emergency situations.
  • Rotate break-glass credentials after each incident.

Depending on the environment, there are additional considerations for on-premises vs. cloud environments.

Conclusion

It’s never wise to compromise on security. Strong MFA and PAM processes are crucial in today’s threat-ridden virtual landscape. However, when authentication tools lock out users due to service disruption or a threat, a method for bypassing them is equally crucial. For this reason, support for break glass should be a core requirement in an organization’s IAM and PAM deployments.

See StrongDM in action, book a demo.


About the Author

, Sales Enablement Manager, as an accomplished Product Marketing Manager in the technology industry with over 5 years of experience, Fazila transitioned to a Sales Enablement leader position passionate about empowering go-to-market teams to excel in their roles. Throughout her career, she has worked with a range of technology products, including software applications and cloud-based solutions. Fazila is a member of the Product Marketing Alliance and an AWS Cloud Certified Practitioner. To contact Fazila, visit her on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

Mitigating Shadow Access Risks with Zero Trust PAM
Mitigating Shadow Access Risks with Zero Trust PAM
Discover how StrongDM's Zero Trust PAM and fine-grained authorization secure cloud data plane access and mitigate shadow access risks without hindering productivity.
Cedar for Kubernetes: Authorization That Speaks Your Language
Cedar for Kubernetes: Authorization That Speaks Your Language
By simplifying the ability to enforce granular policies, Cedar has set a new benchmark for access control in Kubernetes, and we’re thrilled to be part of this journey. This evolution is a milestone for anyone dedicated to securing cloud infrastructure.
How To Change PostgreSQL User Password (3 Methods)
How To Change PostgreSQL User Password (3 Methods)
Data breaches have cost companies across industries an average of $4.88 million this year. Luckily, effectively preventing them comes down to simply managing user credentials effectively. In fact, regularly updating user passwords can notably reduce the risk of unauthorized access and data theft. Ready to level up your cybersecurity game? Here’s a step-by-step guide on how to change a PostgreSQL user password, why it’s important, and the best practices for securing your database. Read on!
How to Create Users in Linux with useradd (Step-by-Step)
How to Create Users in Linux with useradd (Step-by-Step)
Setting permissions, revoking access, and performing other user management duties in Linux can improve your system's security and organization, ensuring users can access the resources they need when they need to. The useradd command lets you create, modify, and check user accounts, helping you handle multi-user environments across various Linux distributions.
How to Change Password in Linux: A Step-by-Step Guide
How to Change Password in Linux: A Step-by-Step Guide
Explore our in-depth guide on how to change and edit passwords in Linux using various commands and tools. Also, learn some advanced Linux password management techniques.