RSystems

Service Account

A non-human account used as owner of record for systems and tools — not tied to any individual employee.

A service account is an account that isn't tied to a specific human being. Instead of ownership and top-level control living on the CEO's or CFO's personal login, it lives on a dedicated account — commonly something like itadmin@yourdomain.com — whose credential is stored in the organization's password manager and retrieved only when needed.

The security benefit is significant. Executives are the most heavily targeted people in any organization. If the credential with ultimate authority over your environment is an executive's everyday account, a single successful phishing attack is catastrophic. If that authority sits on a service account that's rarely touched and locked in a password manager, the people most likely to be attacked are no longer holding the keys to everything.

As a convention, the service account should be the owner of record of your major platforms — Microsoft, Google, accounting, and so on — with a principal listed as owner only in the few places that genuinely call for it.