Redundancies are an unfortunate reality in today's
economic climate. Too often, businesses
leave themselves vulnerable to a data breach by not immediately
revoking the network and application access points of terminated
employees, writes Mark Fullbrook UK director atCyber-Ark.
When staff do take data and a cause a security incident, we tend
to file it away as an example of an "employee gone bad." In reality
it constitutes a failure of the organisation to uphold their
responsibility on behalf of the business to manage, control and
monitor the power it provides to its employees and systems. The
failure stems from the 'perception of control' an organisation has
over their most sensitive networks, systems and devices.
The threat to an organisation is increased exponentially when
the access is through administrative, shared or privileged accounts
- these represent the most powerful IT users in an organisation,
often providing wide-ranging access to most systems, applications
or databases within the enterprise.
These privileged identities, which exist on virtually every one
of the thousands of servers and applications within a typical
enterprise, very rarely get changed, due to the presumed extra IT
effort involved and the need to communicate the new settings to the
IT staff, which if not done effectively could potentially impede or
slow down an administrator doing a time-critical task.
This type of uncontrolled access can lead to dire situations
such as last year when the city of San Francisco was brought to its
knees because an employee locked down the city's IT system through
a privileged account. And more recently, a Fannie Mae employee
implanted a logic bomb on the company's network because access to
his privileged accounts was immediately revoked upon his
termination.
Here are specific steps you can take to help prevent severe
security incidents:
- Improve internal security controls around privileged accounts
via encryption, password protection, and auditing of system
access;
- Reduce the risk of internal data misuse by implementing
policies and technologies which provide special treatment for
privileged identities and ensure compliance with regulatory
requirements;
- Ensure administrative and application identities and passwords
are changed regularly, highly guarded from unauthorized use and
closely monitored, including full activity capture and
recording;
- Avoid sloppy habits when exchanging privileged and sensitive
information, such as sending sensitive or highly confidential
information via email or writing down privileged passwords on
post-it notes;
- Ensure provisioning, and more importantly deprovisioning of
user access in an immediate timeframe after employee status or role
changes.
Remember, trust is not a security policy, and the damage that
insiders can do should not be underestimated. To thwart this
threat, the first big step is making that key decision to
effectively manage these privileged accounts, and then doing so in
a streamlined manner that makes it efficient and transparent to the
user.
Streamlining the management of privileged accounts by
controlling who has access, when access was gained, what is being
done with the sensitive data and why access is needed is critical
in preventing a major security incident from occurring at your
company.