What is a break glass account?
Posted on October 27, 2023 by Louise Howland
When you’re creating your business recovery and contingency plans, you may have considered emergency contact numbers and client communications. You’ll have documented who your key point of contact can be, making sure line managers have their employees’ phone numbers as well as how you’ll let your customers know you’re having system issues.
But have you thought about how you can get back into your digital systems during an emergency, like a cyber-attack? That’s where a break glass account, sometimes called an emergency access account, comes in. Like a fire alarm, a break glass account is a global admin account that allows you to gain access to your emails again.
What is a break glass account?
A break glass account is an account that is only accessible in an emergency situation, like a cyber-attack. It’s a global admin account that can help to restore access to your employees and your clients once any threats have been removed. The credentials associated with it are hidden from most users, stored in a safe place and are only available to certain people in case of an emergency.
A break glass account will often use multi-factor authentication methods that aren’t reliant on WiFi access or phone service being available, as well as methods that aren’t linked to any one employee such as a code that is sent to one person’s phone number. You need a method that anyone can use, regardless of where they are in the world.
It’s called a break glass account as a reference to fire alarms that are locked behind a screen saying, “break glass in case of emergency.” Essentially, you only break the glass when it’s necessary to. This name refers to the situations where you would need a break glass account, namely emergency access in the case of a serious situation.
Why do you need a break glass account?
A break glass account is useful when there’s a cell phone tower outage, a natural disaster, such as flooding or a fire, or a cyber-attack. If you cannot access the rest of your accounts on Microsoft 365 or other major platforms, a break glass account with global admin privileges helps you gain access and recover any other affected accounts.
You might also use a break glass account in the case of a global admin leaving suddenly, allowing someone else to access tasks or documents associated with the role. Global admins are ones with access to absolutely everything in Microsoft 365, Google Workspace or a similar system.
No matter the size or industry, a break glass account is essential for any company. For your clients, a break glass account enables business continuity and the levels of customer service you pride yourself on. Just like fire alarms in an office or carbon monoxide alarms in your home, a break glass account helps you to identify issues and fix them quickly without the need for painful recovery processes.
Considerations for a break glass account
There are many things you and your IT and cybersecurity support provider should consider when creating a break glass account. Here are just some of the areas we work through when creating break glass accounts with clients:
1. Don’t associate the account with any one user
Key people within your business can leave suddenly, which could leave you short-handed and without access to important files. Having your entire IT infrastructure reliant on a single person is never a good idea and only leaves you prone to serious issues.
Your break glass should be completely separate from any user. It also shouldn’t follow a standard naming pattern, for example, first name last name email addresses, to avoid a cybercriminal being able to deduce the account pattern and break in.
2. Exclude the account from any organisation-wide policies
Most organisations will have a variety of Microsoft 365 and Azure policies in place designed to help enforce best practices. These are often things like multi-factor authentication, stopping unusual logins, or account timeouts after idle periods. To prevent any issues during an emergency, you should ask your IT provider to exclude the account from any policies that could impact the function of the break glass account.
3. Create more than one
Depending on the size of your organisation, you may want more than one break glass account. This way, you have a fail-safe for the fail-safe, and it can never hurt to be more than prepared. It may seem like overkill but having these two core accounts with shared responsibility across the organisation reduces the risk of you losing considerable data and business time. It’s the same principle as the heir to the throne, Prince William, and his son, George, technically not being allowed on the same plane or mode of travel due to the risk of losing an heir.
4. Have a login monitor
While you don’t want to restrict the logins of a break glass account, it’s a good idea to monitor any logins to prevent unwanted access. If an ex-employee knows the logins and chooses to use them maliciously, you’ll want to know that the break glass account has been accessed. It’s the same as the fire alarm going off when the button is pressed; it alerts everyone to the ongoing issue.
5. Once used, change the password
Once you’ve had to access and use the break glass account, it’s really important to change the password. Just like you’d have to reset an alarm system after it was triggered, the same principles should apply to your break glass account.
Who should have access to your break glass account?
As well as key members of your business, you should share access with your cybersecurity partner or IT support provider so they can help you recover your systems should the worst happen. Break glass accounts should be shared sensibly with senior members of the company, as well as people who are IT savvy or hired IT professionals.
Are you looking to strengthen your business continuity processes?
Here at ramsac, we work with many businesses just like yours that want to create a strong disaster recovery process. We help create a robust recovery plan, as well as aid you in recovery if disaster does strike.
Speak to us today about how we can help you to create a strong disaster recovery process.