Service Account


Service Account (or Application Accounts) are a Digital Identity that is used by an application or services to interact with the other Applications or the Operating System.

Service Account may have domain administrative privileges depending on the requirements of the application they are being used for. Local Service Accounts may interact with a variety of Operating System components which makes coordinating password changes difficult. This challenge usually means the passwords are rarely changed – representing a significant risk across an Organizational Entity.

Service Account used by applications to access databases, run batch jobs or scripts, or provide access to other applications. These Privileged Identity usually have broad access to underlying company data Stores that resides in applications and databases. Passwords for these accounts are often embedded and stored in unencrypted text files, a vulnerability that is replicated across multiple servers to provide greater fault tolerance for applications. This vulnerability represents a significant risk to an organizational Entity because the applications often host the exact data that Advanced Persistent Threats consider as an Item of Interest.

Service Account Google Cloud Platform [1]#

A Service Account on Google Cloud Platform is an account that belongs to your application instead of to an individual end-User. A Service Account is used in an application that calls APIs on behalf of an application that does not access user information. This type of application needs to prove its own identity, but it does not need a user to authorize prequests].

For example, if your Google Cloud Project employs server-to-server interactions such as those between a web application and Google Cloud Storage, then you need a Private Key and other Service Account credentials.

More Information#

There might be more information for this subject on one of the following: