The infamous NSA security breach reminds us once again of the immense damage that can be caused by a single privileged user with an agenda. Privileged users, with their unlimited access to system and network resources, can access and leak all types of data. While many organizations focus on protecting their systems and infrastructure from external threats, the security risks related to malicious insiders are just as significant.
Edward Snowden may be the most notorious example, but unfortunately he’s not alone. Whether done intentionally or by accident, security breaches by trusted insiders can cause substantial harm to the organization, including loss of trade secrets, embarrassing data leaks, and even non-compliance with security regulations.
So, what lessons can we learn from this latest security breach?
1. Privileged ID’s are growing and so is the associated risk
The trends towards data center consolidation, cloud computing, and virtualization, as well as outsourcing, are generating more privileged IDs in today’s IT infrastructures. This creates an even greater need to centrally manage and secure privileged IDs, as well as to pay attention to whom you are granting privileged ID status. Organizations often delegate specific administrative tasks such as system back-ups and help desk support to a large pool of staff or contractors whose membership changes frequently. Without the proper oversight, someone who hasn’t worked for your organization in months, or even a hacker who has penetrated your system, could have privileged access to your servers, appliances, and networks.
2. Grant user entitlements appropriately and keep them updated
The workplace is dynamic, with new employee hires, job changes, and departures. User entitlements should be updated to adapt to these changes, especially when workers change roles or leave the organization. Because the potential for harm is so great, the number of privileged accounts should be kept to a minimum. Granting privileged ID entitlements should be scrutinized and limited to only those who truly need the privileged access and who have the necessary credentials and clearances. For example, should contractors or outsourcing partners have access to top-secret product plans, customer lists, or patient data?
3. Managing and monitoring privileged users is necessary for both security and compliance
Government regulations and industry standards have become more specific about data security and the privileged accounts that can access that data. Maintaining compliance with these standards and asserting compliance with government regulations demand appropriate control and handling of privileged accounts. To effectively mitigate the security risks associated with privileged ID’s, they need to be auditable and have individual accountability. In other words, if several users share one privileged account that causes a security breach, which user is responsible? Once the privileged account is established, organizations should carefully monitor and audit the activities associated with the ID to highlight anomalies or misuse of the account’s privileges. This increased auditability of privileged accounts may prevent security breaches before they happen.
4. Mitigate insider risk and maintain compliance with a privileged identity management solution
Privileged user accounts need to be properly managed, audited, and revoked as needed. If privileged IDs are not properly managed, they can cause accountability and compliance issues and increase the risk for sabotage and data theft. Better oversight of privileged users’ activities can raise a red flag if/when confidential information is being inappropriately accessed, distributed and downloaded.
Organizations don’t need to leave themselves vulnerable to insider threats. With the right security solutions, they can control access to privileged identities and track usage of shared accounts for individual accountability and improved compliance.
I would love to hear your thoughts in the comments below. What do you think about these four lessons we learned latest security breach? What have you learned from the latest security breach?