Break Glass Plan for System Administrator

Break Glass Plan for System Administrator with Multiple Account Access

Fictional Company: Acme Technologies

Author: John Doe

Authorized Personnel: Jane Smith, Michael Johnson, Sarah Thompson

Accounts and Platforms:

  1. Cloud Platform A (Admin Access)
  2. Hosting Provider B (Admin Access)
  3. Application C (Admin Access)
  4. Database D (Admin Access)

Access Criteria: The Break Glass procedure can be initiated under the following circumstances:

  1. System Administrator John Doe is unreachable for more than 24 hours due to unforeseen circumstances.
  2. There is a critical issue impacting business operations that requires immediate action.

Break Glass Plan

Secure Storage of Break Glass Credentials:

  • Use an encrypted password management solution (e.g., LastPass) with multi-factor authentication (MFA).
  • Grant access to the password vault only to authorized personnel.
  • Share the master password and instructions securely with authorized personnel.

Communication Channels:

  • Primary Communication: Secure messaging platform (e.g., Slack) for immediate communication.
  • Secondary Communication: Email and phone calls as backup channels.

Break Glass Procedure for Cloud Platform A:

  1. In case of emergency, Jane Smith initiates the Break Glass procedure.
  2. Jane accesses the encrypted password vault using her authorized credentials.
  3. Jane retrieves the admin credentials for Cloud Platform A.
  4. Jane communicates the necessary information to Michael and Sarah via the primary communication channel.
  5. Michael and Sarah access the platform using the provided credentials and their own 2FA tokens to perform the required tasks.
  6. All actions performed using the Break Glass access are logged in the audit trail.

Break Glass Procedure for Hosting Provider B, Application C, and Database D:

  1. The procedure for each platform follows a pattern similar to the one outlined above for Cloud Platform A.
  2. The authorized personnel initiate the Break Glass procedure and follow the specific instructions for each platform.

Regular Review and Updates:

  • Conduct quarterly reviews of the Break Glass plan to ensure its effectiveness and accuracy.
  • Update the plan as needed based on changes in personnel, access requirements, or platforms.
  • Schedule and perform regular tests or simulations to validate the plan and identify areas for improvement.

Security Training and Awareness:

  • All authorized personnel undergo annual security training covering confidentiality, secure handling of credentials, and compliance with the Break Glass procedures.
  • Regularly remind authorized personnel of the Break Glass plan and their responsibilities.

Documentation:

  • Maintain detailed documentation outlining the Break Glass procedures for each platform.
  • Document the contact information of authorized personnel and any necessary instructions or protocols.

Audit Logging:

  • Enable comprehensive audit logging for all actions performed using Break Glass access.
  • Regularly review the audit logs to ensure accountability and detect any unauthorized or suspicious activities.
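
One way to automate the audit log review described above, as an added example that is not part of the original plan: it checks that every break-glass login follows a recent vault retrieval by authorized personnel and was completed with an authorized person's 2FA token. The event field names, the account name `bg-admin`, the platform identifiers, and the 4-hour window are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta

# Assumptions (not from the original plan): the event fields, the account
# name "bg-admin" and the 4-hour validity window are hypothetical.
AUTHORIZED = {"jane.smith", "michael.johnson", "sarah.thompson"}
BREAK_GLASS_ACCOUNT = "bg-admin"
WINDOW = timedelta(hours=4)

# Constructed sample audit events (JSON lines), not real logs.
SAMPLE_LOG = """\
{"ts": "2024-03-01T09:00:00", "source": "vault", "actor": "jane.smith", "action": "retrieve", "item": "cloud-platform-a"}
{"ts": "2024-03-01T09:10:00", "source": "cloud-platform-a", "actor": "bg-admin", "mfa_owner": "michael.johnson", "action": "login"}
{"ts": "2024-03-01T15:30:00", "source": "cloud-platform-a", "actor": "bg-admin", "mfa_owner": "sarah.thompson", "action": "login"}
{"ts": "2024-03-02T02:00:00", "source": "vault", "actor": "temp.contractor", "action": "retrieve", "item": "database-d"}
{"ts": "2024-03-02T02:05:00", "source": "database-d", "actor": "bg-admin", "mfa_owner": "temp.contractor", "action": "login"}
"""

def review(log_text):
    """Return (timestamp, reason) findings for break-glass use that needs follow-up."""
    findings = []
    retrievals = {}  # platform -> time of the last retrieval by an authorized person
    events = sorted((json.loads(line) for line in log_text.splitlines() if line.strip()),
                    key=lambda e: e["ts"])  # ISO 8601 strings sort chronologically
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["source"] == "vault" and e["action"] == "retrieve":
            if e["actor"] in AUTHORIZED:
                retrievals[e["item"]] = ts
            else:
                findings.append((e["ts"], f"vault retrieval by unauthorized actor {e['actor']}"))
        elif e["actor"] == BREAK_GLASS_ACCOUNT:
            if e.get("mfa_owner") not in AUTHORIZED:
                findings.append((e["ts"], f"break-glass login with 2FA token of {e.get('mfa_owner')}"))
            opened = retrievals.get(e["source"])
            if opened is None or ts - opened > WINDOW:
                findings.append((e["ts"], f"break-glass use on {e['source']} without a recent authorized vault retrieval"))
    return findings

if __name__ == "__main__":
    for ts, reason in review(SAMPLE_LOG):
        print(ts, reason)
```
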

Drills and Simulations:

  • Conduct annual drills or simulations to test the effectiveness of the Break Glass plan.
  • Evaluate the performance of authorized personnel and identify areas for improvement.

Please note that this is a fictional example. Adapt the plan to fit your organization's specific needs, platforms, and access requirements.