When offering cloud services, the organisation should specify the requirements needed for use of utility programs in relation to the cloud service it provides.
Organisation should make sure that the use of utility programs that can bypass normal operating or security procedures is limited to authorized personnel. The use and usefulness of these utility programs should be reviewed regularly.
The system or application login procedure should be designed to minimize the potential for unauthorized access.
The login process should therefore disclose as little information about the system or application as possible so as not to unnecessarily assist an unauthorized user. Criteria for a good login procedure include e.g.: