<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">
Curious about how StrongDM works? 🤔 Learn more here!
Search
Close icon
Search bar icon
Search
Close icon
Search bar icon
Blog / Security

Break Glass Explained: Why You Need It for Privileged Accounts

Fazila Malik
by
Sales Enablement Manager
StrongDM
4 min read
Last updated on: August 29, 2024
Found in: Security Access
StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen
Get a demo
Break Glass Explained: Why You Need It for Privileged Accounts

Identity and access management (IAM) and privileged access management (PAM) are critical security tools for modern organizations. However, they can sometimes bar users from accessing critical systems and services, potentially impacting production, customer experience, and cybersecurity. In urgent cases, a method of bypassing normal security controls to regain access—called “break glass”—is needed. In this post, we’ll walk you through the break-glass process—what it is, why it’s important, and how to execute it.

What Is Break Glass?

Break glass refers to a method of bypassing security controls that normally guard a system or service. The term “break glass” is a reference to someone breaking a glass stopper to pull a fire alarm. In some situations, a user may be unable to gain authorized access as they normally would.

Examples include a data breach, security tool-tool failure, or lockout due to a forgotten password. Break glass will allow them to circumvent their organization’s IAM or PAM solution and regain access. A dedicated, pre-staged break-glass user account is created as a backup for emergency situations. 

The break-glass account is highly privileged, as it allows access to critical systems, such as root accounts. Break-glass accounts are typically monitored, tested, documented, and managed to prevent inappropriate use. Break-glass credentials have a limited lifespan to restrict use to emergencies or other unusual events and avoid mishandling.

The Importance of Break Glass

PAM and multi-factor authentication (MFA) involve rigid rules designed to say “No” to unauthorized users or cyber attackers. But these security controls can also lock out benign users, potentially hurting business continuity and emergency response. 

In some cases, attackers can leverage an organization’s security controls to thwart the threat responders trying to catch them. In some industries, such as healthcare or disaster management, a security lockout may put lives or property at risk. For these and other reasons, break glass is a must-have backup measure. 

Break glass may provide crucial recourse in cases where break-glass access is the only route back into systems and applications, like the following:

  • The organization’s PAM tool is unavailable due to downtime or maintenance. 
  • The PAM tool’s normal authentication process fails because the server is down. 
  • MFA is unavailable because of a network outage. 
  • Cyberattack. For example, a DDoS attack can prevent anyone from logging in. 
  • PAM or MFA safety feature locks out a user for typing the wrong password too many times. 
  • A user may lock himself/herself out of a tenant with conditional access policies. 
  • Failure of federation services. 
  • A service outage. 

IAM and PAM deployments are critical for security. So is a backup method to bypass them in urgent or unexpected situations. Organizations should look for solutions like StrongDM that combine secure IAM and PAM tools with the ability to allow for emergency break-glass access. 

Break Glass Process Overview

A break-glass process features several well-defined steps to enable break-glass access when needed. The process is pre-planned, managed, and audited to prevent abuse and quickly return to normal access controls afterward. 

An organization must first determine who will be allowed emergency break-glass access and under what circumstances. They must then create pre-staged break-glass accounts with global admin rights, exempt from normal access controls like MFA. These accounts should not be connected to any other systems. 

A rule of thumb is to set up one break-glass account per platform. Some cybersecurity experts recommend adding a second break-glass account—a backup for the backup—to be on the safe side. These emergency user accounts are managed and distributed to ensure quick availability with minimum administrative delay. 

Who ultimately guards break-glass accounts? A best practice is to assign the role of an emergency account manager to someone available during operating hours. This individual distributes the accounts with a sign-out method requiring identification from the requestor.

In the event of an emergency, the break-glass procedure typically looks like this: 

  1. A user requests break-glass access to an account they are locked out of. Perhaps a service outage has occurred, a DDoS attack is preventing log in, or they are not normally authorized to access the account, for example. 
  2. The emergency account manager receives notification that the break glass process has begun. Their pre-approval may or may not be necessary for the requester to obtain the username and password for the emergency account. In all cases, the account manager will normally request an acceptable form of identification from the requester and record it for auditing purposes.
  3. The requester gains account access.
  4. The whole procedure is monitored for later auditing. The use of the emergency account should be reviewed for inappropriate or suspicious activity. During clean-up, the account used should be deleted or disabled, and new account credentials created. 

The ideal break-glass procedure may depend on an organization’s IT environment. For example, those operating solely on-premises may store emergency credentials on a hardware key, such as a Yubikey, kept inside a physical vault for extra security. 

On the other hand, those based primarily in the cloud may temporarily remove Service Control Policies (SCPs) in emergencies. This lets users use the cloud provider’s console to access machines.

Why Tools in Your Security System Need To Support Break Glass

IAM and PAM are crucial for security. But when they prevent users from accessing critical systems or services, they can negatively impact production, customer experience, and, ironically, cybersecurity response. For these and other reasons, organizations must choose tools for their security system that support break glass. 

Speed is everything when there is a breach. Getting into a compromised system in time to thwart an attack can spare companies huge costs and loss of reputation. Likewise, problems with software running in production can seriously impact customer experience. Developers are pressed to troubleshoot and conduct incident investigations on the fly to keep things running smoothly. Something as basic as authenticating their identities should not be a barrier. 

A reliable break-glass plan provides a quick way around IAM- and PAM-related problems and helps developers and threat responders stay on top of their game, no matter what. And that requires security and authentication tools like StrongDM, with the openness and flexibility to support a frustration-free break-glass procedure from start to finish. 

StrongDM Break Glass Scenarios

StrongDM is a proxy that combines authentication, authorization, networking, and observability into a single product. As such, it simplifies access security, authentication, and auditing for your workflows. As a comprehensive solution, StrongDM also enables emergency break-glass access when necessary. In fact, with StrongDM, the whole break-glass process requires just a few simple steps. 

The process involves creating accounts for a break-glass scenario, protecting those accounts, and closely monitoring access to them. Here’s how it’s done, step by step:

  • Create local break-glass accounts on the end resource.
  • Store them in a vault (preferably one that requires at least two people to access or uses Shamir Secret Sharing).
  • Alert on access to the accounts outside of emergency situations.
  • Rotate break-glass credentials after each incident.

Depending on the environment, there are additional considerations for on-premises vs. cloud environments.

Conclusion

It’s never wise to compromise on security. Strong MFA and PAM processes are crucial in today’s threat-ridden virtual landscape. However, when authentication tools lock out users due to service disruption or a threat, a method for bypassing them is equally crucial. For this reason, support for break glass should be a core requirement in an organization’s IAM and PAM deployments.

See StrongDM in action, book a demo.

About the Author

, Sales Enablement Manager, as an accomplished Product Marketing Manager in the technology industry with over 5 years of experience, Fazila transitioned to a Sales Enablement leader position passionate about empowering go-to-market teams to excel in their roles. Throughout her career, she has worked with a range of technology products, including software applications and cloud-based solutions. Fazila is a member of the Product Marketing Alliance and an AWS Cloud Certified Practitioner. To contact Fazila, visit her on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

How to Change Password in Linux: A Step-by-Step Guide
How to Change Password in Linux: A Step-by-Step Guide
Explore our in-depth guide on how to change and edit passwords in Linux using various commands and tools. Also, learn some advanced Linux password management techniques.
How to Extract or Unzip .tar.gz Files in Linux (With Examples)
How to Extract or Unzip .tar.gz Files in Linux (With Examples)
A .tar.gz file is a compressed archive file format that combines the tar and gzip formats. These files are popular among system administrators, developers, and regular computer users for archiving and compression. You might need to extract or unzip .tar.gz files if you're transferring big datasets or distributing software with Linux, the third-most popular desktop operating system in the world.
Securing Network Devices with StrongDM's Zero Trust PAM Platform
Securing Network Devices with StrongDM's Zero Trust PAM Platform
Let’s talk about the unsung heroes of your on-premises infrastructure: network devices. These are the routers, switches, and firewalls that everyone forgets about…and takes for granted—until something breaks. And when one of those somethings breaks, it leads to some pretty bad stuff. If your network goes down, that’s bad, bad, bad for business. But if those devices lack the necessary security, well, that can leave you exposed in an incredibly dangerous way.
What Is Zero Trust for the Cloud? (And Why It's Important)
What Is Zero Trust for the Cloud? (And Why It's Important)
Zero Trust cloud security is a cybersecurity model that operates on the principle that no user, device, system, or action should be trusted by default — even if it's inside your organization’s own network. This approach minimizes the risk of breaches and other cyber threats by limiting access to sensitive information and resources based on user roles, device security posture, and contextual factors.
Incident Response Plan: Your 7-Step Process
Incident Response Plan: Your 7-Step Process
If organizations hope to minimize their exposure to attacks and mitigate any damage done by a threat, they must have a comprehensive incident response plan. An effective plan will detect, contain, and enable rapid recovery from security breaches, preserving your business continuity and operability. We've outlined seven incident response steps for you to follow so you can be prepared for a threat.