BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Computerworld’s Advice Still Relies Too Much on Trust

Posted November 17, 2010    Peter McCalister

In a Computerworld article, last week, exploring the ‘scary side of virtualization’, the reporter, took some time out in a sidebar, to offer some sage staffing advice.

His riposte, ‘Beware the All-Powerful Admin’, made clear the risk of giving server admins the ‘keys to the kingdom’ – not a good thing so consultants and IT execs unanimously agree.

They might for example create virtual FTP servers ‘or they may inadvertently use a virtual-machine migration tool to move a server onto different hardware for maintenance reasons, without realizing that the new host is on an untrusted network segment.’

His sage advice, is to establish a clear separation of duties in virtual infrastructures, and develop a strong change-management process that includes issuing change management tickets.

BeyondTrust, naturally would agree, but with one caveat. Businesses don’t rely on trust alone. BeyondTrust’s name doesn’t invite businesses to put their faith in some kind of metaphysical state that transcends our human frailties, it simply invites you to recognize that people can and do make mistakes, and when they are people with the ‘keys to the kingdom’, these mistakes can be costly.

Better to trust your people, and, take out an insurance policy against human frailties, whether those be fat fingered mistakes, or willful misuse of responsibility.

In any environment especially the deployment of virtualized environments, strong identity management practices, and specifically control around privileged access, must be put in place. As BeyondTrust’s Jeff Nielsen says: “As the number of virtual hosts increases, there is a natural tendency to create islands of identity that are difficult to manage. As individual virtual servers are created that serve the needs of departmental applications, there will be typically be a push from the departments for them to own the access to the server, specifically the privileged access, in the name of departmental efficiency. As the number of identity sources increases, the prospect for orphaned or inappropriate privileged access increases. Without a well-orchestrated management scheme for identity management and privileged access, the company will soon lose control compromising security and audit compliance.”

Leave a Reply

Additional articles

beyond-trust

PowerBroker for Windows – Most Innovative IAM Solution by Cyber Defense Magazine

Posted April 21, 2015    Scott Lang

PowerBroker for Windows has been selected as a winner by the 2015 Cyber Defense Magazine Awards Program in the category of “Most Innovative Identity and Access Management Solution”.

Tags:
, , ,
pbps-customer-campaign-image

Are you changing your passwords as often as the weather changes?

Posted April 20, 2015    Scott Lang

There is one thing that should change more frequently than the weather: Your privileged passwords. Why? If you’re like more than 25% of companies out there, then your current IT environment contains unmanaged accounts putting you at risk of data breaches and compliance violations, and you don’t have a process to control those accounts.

Tags:
, , , ,
webinar1

On Demand Webinar: Advanced Windows Tracing

Posted April 17, 2015    BeyondTrust Software

Webinar: Security MVP, Paula Januszkiewicz, shows Windows administrators how to be more aware of what happens whenever somebody does something within the system.

Tags:
, ,