October 17, 2007
Absolute Access Corrupts Absolutely
So you're in a meeting with IT, and you're going over all the vulnerabilities, and for every exploit the system administrator tells you not to worry, you're protected, and you're just about to conclude the meeting when you think: what about you? What about my system administrator? Who's protecting us from you?
According to Dark Reading, system administrators who exploit their own systems, whether out of a grievance or just plain malfeasance, are a much bigger problem than any of us would care to admit. Numerous recent studies have pointed out that IT admins frequently abuse their privileges, and in a study done a year ago by Dark Reading (which in essence requires admins to be honest about their dishonesty), more than a third of the admins admitted to abusing their privileges.
I think we can conclude simply that absolute access corrupts absolutely.
All the recent news of insider attacks, as well as more stringent controls required by SOX, HIPAA, and PCI, has led to the development of a new type of security tool that's being called "privileged access management."
"We've already got 230 customers using our product -- that's more than some of the end-user-oriented identity management tool vendors have," says Adam Bosnian, vice president of product strategy and sales at Cyber-Ark, a company that makes software for monitoring, managing, and distributing privileged administrative passwords. "That tells you that this particular problem is one that is important to compliance, but isn't being addressed by a lot of the [identity management] tools that are out there."
"What we find, post-sale, is that when the administrative passwords are all changed and locked in the vault, people start coming out of the woodwork to ask what happened," Bosnian says. "Where you thought you only had 10 people with administrative access to a particular system, you might find that you actually have 30."
This past summer I recorded a podcast with Adam Bosnian of Cyber-Ark, and below are some highlights:
We have some data that says 80% of security incidents have been caused by people on the inside and of those, 50% of them could have been dealt with if they had a better deprovisioning and better security model within their organization.
Asked why privileged passwords are so often used in insider attacks: No. 1, the accounts are very powerful. Full access to the machine. Full access to the data. And no. 2, they're generic, meaning there are no footprints. And so people can get away with whatever they want to without it being attributed to their specific end user.
And what companies need to do to become compliant: Securing privileged accounts and securing privileged passwords is the no. 1 area where we're seeing organizations being highlighted on and being dinged on. Secondly, though, and I think the most common and maybe the most important area that is being highlighted in audits, is you need to attribute who did what to the actual end user.
To listen or read the transcript from the entire podcast, just click here.
Posted by pschooff in
Twenty-Four Seven Security