The infamous NSA security breach reminds us once again of the immense damage that can be caused by a single privileged user with an agenda. Privileged users, with their unlimited access to system and network resources, can access and leak all types of data. While many organizations focus on protecting their systems and infrastructure from external threats, the security risks related to malicious insiders are just as significant.

Edward Snowden may be the most notorious example, but unfortunately he’s not alone. Whether done intentionally or by accident, security breaches by trusted insiders can cause substantial harm to the organization, including loss of trade secrets, embarrassing data leaks, and even non-compliance with security regulations.

So, what lessons can we learn from this latest security breach?

1. Privileged IDs are growing and so is the associated risk

The trends towards data center consolidation, cloud computing, and virtualization, as well as outsourcing, are generating more privileged IDs in today’s IT infrastructures. This creates an even greater need to centrally manage and secure privileged IDs, as well as to pay attention to whom you are granting privileged ID status. Organizations often delegate specific administrative tasks such as system back-ups and help desk support to a large pool of staff or contractors whose membership changes frequently. Without the proper oversight, someone who hasn’t worked for your organization in months, or even a hacker who has penetrated your system, could have privileged access to your servers, appliances, and networks.

2. Grant user entitlements appropriately and keep them updated

The workplace is dynamic, with new employee hires, job changes, and departures. User entitlements should be updated to adapt to these changes, especially when workers change roles or leave the organization. Because the potential for harm is so great, the number of privileged accounts should be kept to a minimum. Granting privileged ID entitlements should be scrutinized and limited to only those who truly need the privileged access and who have the necessary credentials and clearances. For example, should contractors or outsourcing partners have access to top-secret product plans, customer lists, or patient data?

3. Managing and monitoring privileged users is necessary for both security and compliance

Government regulations and industry standards have become more specific about data security and the privileged accounts that can access that data. Maintaining compliance with these standards and asserting compliance with government regulations demand appropriate control and handling of privileged accounts. To effectively mitigate the security risks associated with privileged IDs, they need to be auditable and have individual accountability. In other words, if several users share one privileged account that causes a security breach, which user is responsible? Once the privileged account is established, organizations should carefully monitor and audit the activities associated with the ID to highlight anomalies or misuse of the account’s privileges. This increased auditability of privileged accounts may prevent security breaches before they happen.
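The entitlement checks described in lessons 2 and 3 can be run as a periodic review. The following is an added example, not code from the original article: it reconciles a privileged-account inventory against an HR roster and flags shared accounts, holders who have left or are unknown, roles not approved for privileged access, and overdue reviews. All account names, roster entries, the approved-role set and the 180-day review window are constructed assumptions.

```python
from datetime import date

# Constructed sample data (assumption, not from the article).
ROSTER = {
    "alice": {"status": "active", "role": "sysadmin"},
    "bob": {"status": "terminated", "role": "contractor"},
    "carol": {"status": "active", "role": "helpdesk"},
}
PRIV_ACCOUNTS = [
    {"account": "root@db01", "holders": ["alice", "bob"],
     "last_review": date(2024, 1, 10)},
    {"account": "adm-carol", "holders": ["carol"],
     "last_review": date(2023, 2, 1)},
    {"account": "backup-svc", "holders": ["dave"],
     "last_review": date(2024, 3, 5)},
]
APPROVED_ROLES = {"sysadmin"}   # assumption: roles cleared for privileged access
MAX_REVIEW_AGE_DAYS = 180       # assumption: entitlement review interval


def review_privileged_accounts(accounts, roster, today,
                               approved_roles=APPROVED_ROLES,
                               max_age_days=MAX_REVIEW_AGE_DAYS):
    """Return (account, finding, detail) tuples for entitlements needing action."""
    findings = []
    for acct in accounts:
        name, holders = acct["account"], acct["holders"]
        # More than one holder means actions cannot be tied to one person.
        if len(holders) > 1:
            findings.append((name, "shared-account", ",".join(holders)))
        for user in holders:
            person = roster.get(user)
            if person is None:
                # Holder is not on the roster at all: orphaned or unexplained.
                findings.append((name, "unknown-holder", user))
            elif person["status"] != "active":
                # Holder left the organization but kept the entitlement.
                findings.append((name, "departed-holder", user))
            elif person["role"] not in approved_roles:
                # Holder changed roles or was never cleared for this access.
                findings.append((name, "role-not-approved", user))
        # Entitlements not re-certified within the review window.
        if (today - acct["last_review"]).days > max_age_days:
            findings.append((name, "review-overdue", str(acct["last_review"])))
    return findings


if __name__ == "__main__":
    for finding in review_privileged_accounts(PRIV_ACCOUNTS, ROSTER, date(2024, 6, 1)):
        print(*finding, sep="\t")
```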

4. Mitigate insider risk and maintain compliance with a privileged identity management solution

Privileged user accounts need to be properly managed, audited, and revoked as needed. If privileged IDs are not properly managed, they can cause accountability and compliance issues and increase the risk for sabotage and data theft. Better oversight of privileged users’ activities can raise a red flag if/when confidential information is being inappropriately accessed, distributed and downloaded.

Organizations don’t need to leave themselves vulnerable to insider threats. With the right security solutions, they can control access to privileged identities and track usage of shared accounts for individual accountability and improved compliance.

I would love to hear your thoughts in the comments below. What do you think about these four lessons we learned from the latest security breach? What have you learned from the latest security breach?
