Privileged accounts and insider threats
By Ang Chye Hin August 12, 2014
- Most companies focus solely on external threats and ignore internal ones
- Steps you can take to mitigate risks associated with privileged accounts, users
POORLY managed privileged credentials represent a huge compliance and security risk, leaving organisations just as vulnerable as a hole in a firewall. The more people with such credentials and the more systems they can access, the greater the threat.
According to a global security survey commissioned by Dell and conducted by independent technology market research specialist Vanson Bourne, 73% of organisations have experienced a security breach in the last 12 months.
Clearly, these trends are unsustainable, yet most companies attempting to improve their data security profile focus solely on external threats and ignore the proliferation of internal ones, especially privileged users and accounts.
Eliminating this threat, however, doesn't have to be particularly difficult or expensive. Organisations can take steps to mitigate the security risks associated with privileged accounts and users.
First, it’s important for IT administrators to take inventory of privileged users and accounts. It’s impossible to mitigate the risks of privileged accounts if an organisation doesn’t know how many it has or who needs access to them.
Privileged accounts exist for almost every device and application within the organisation. Creating a list of where these accounts are and who or what systems access them can help an organisation identify where it is most vulnerable to internal security breaches.
Additionally, organisations should enforce strict change management processes to privileged passwords.
Most organisations do a better job at this for regular users than for privileged accounts, but enforcing strong passwords and changing them regularly is even more important for privileged accounts.
Privileged passwords should also be stored securely. When an inventory of all accounts and passwords is created, it is immediately put at risk of being compromised.
Whenever possible, organisations should ensure individual accountability and the lowest level of privileged access. Many of the compliance regulations in the industry today require that organisations know exactly who has access to what and when they have it.
In addition, it’s necessary to provide only the level of access a user needs in order to perform the task at hand – the lower the level, the better.
Most importantly, organisations need to audit and report on privileged access on a regular basis.
Simply controlling what privileged users are allowed to do is not enough; it is also necessary to audit what they are doing. Regular reporting helps to identify when privileged passwords are changed and which users have used potentially harmful commands.
Continual auditing and reporting is mandatory for understanding the state of security for privileged access and identify areas that require improvement.
While there is no simple silver bullet for securing an organisation’s resources, combining each of these practices can dramatically reduce the risks associated with privileged access while providing a better understanding of where any security gaps may be.
Ang Chye Hin is the Dell Security regional sales director for South Asia.
Basic security products don't cut it anymore: IDC
Security as a business enabler, not a bottleneck
Govt malware, insider threats to dominate security landscape: CyberArk
Smarter, shadier and stealthier cyber-crime forces dramatic change
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.