Session recording adoption takes off

Session recording adoption takes off
Acronis RMM’s selective session recording became generally available on April 22, 2026, and adoption rose quickly across thousands of tenants over the next two months. The feature is being used broadly and substantively for privileged remote-access audit evidence, with especially strong uptake in Canada, Switzerland, Japan, South Africa, and Brazil. #AcronisRMM #AU14 #NISTSP80053 #GDPR #ISOIEC270012022

Keypoints

  • Selective session recording became generally available on Acronis RMM on April 22, 2026.
  • Weekly recording volume grew about 178% from the first full week to its peak, while weekly recording tenants roughly doubled.
  • Adoption is broad-based: the busiest tenant accounts for only about 1.2% of recordings, and the top 10 together account for less than 10%.
  • Recorded sessions are substantive, averaging about 13 minutes and totaling several thousand hours of privileged-session evidence.
  • Adoption is strongest in Canada, Switzerland, Japan, South Africa, and Brazil, while major European markets remain in the low single digits.
  • The article frames session recording as a compliance and incident-response control aligned with NIST SP 800-53 AU-14, ISO/IEC 27001, GDPR Article 32, ENISA guidance, and CIS Controls v8.
  • Recommendations are provided for SMBs, MSPs, and customers to enable, document, retain, and review session recordings.

MITRE Techniques

  • [T1021 ] Remote Services – Privileged remote desktop administration is the activity being recorded for audit and accountability (‘privileged remote work’ and ‘remote-desktop session’).
  • [T1078 ] Valid Accounts – The control focuses on sessions performed by privileged users and technicians with legitimate access (‘oversight of users with significant privileges’ and ‘technicians…who can take remote control’).
  • [T1005 ] Data from Local System – Remote admins can read arbitrary files on endpoints, which is why preserving the session matters (‘read arbitrary files’).
  • [T1068 ] Exploitation for Privilege Escalation – The article notes remote-admin sessions can execute arbitrary commands and modify configuration, illustrating high-impact privileged actions (‘execute arbitrary commands…modify configuration’).
  • [T1562.001 ] Disable or Modify Tools – Administrative sessions may install or remove software and change system settings, actions that audit recording is intended to capture (‘install or remove software and modify configuration’).

Indicators of Compromise

  • [Product/Platform ] Session-recording control discussed in the article – Acronis RMM, Acronis platform
  • [Standard/Control Identifier ] Compliance references – AU-14, NIST SP 800-53 Revision 5
  • [Standard/Framework ] Logging and monitoring guidance – ISO/IEC 27001:2022 Annex A 8.15, 8.16
  • [Standard/Guidance ] Operational logging reference – NIST SP 800-92
  • [Legislation/Requirement ] Data-protection control reference – GDPR Article 32
  • [Guidance/Control ] Security control reference – CIS Critical Security Controls v8 Control 8


Read more: https://www.acronis.com/en/tru/posts/session-recording-adoption-takes-off/