BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Computerworld’s Advice Still Relies Too Much on Trust

Posted November 17, 2010    Peter McCalister

In a Computerworld article, last week, exploring the ‘scary side of virtualization’, the reporter, took some time out in a sidebar, to offer some sage staffing advice.

His riposte, ‘Beware the All-Powerful Admin’, made clear the risk of giving server admins the ‘keys to the kingdom’ – not a good thing so consultants and IT execs unanimously agree.

They might for example create virtual FTP servers ‘or they may inadvertently use a virtual-machine migration tool to move a server onto different hardware for maintenance reasons, without realizing that the new host is on an untrusted network segment.’

His sage advice, is to establish a clear separation of duties in virtual infrastructures, and develop a strong change-management process that includes issuing change management tickets.

BeyondTrust, naturally would agree, but with one caveat. Businesses don’t rely on trust alone. BeyondTrust’s name doesn’t invite businesses to put their faith in some kind of metaphysical state that transcends our human frailties, it simply invites you to recognize that people can and do make mistakes, and when they are people with the ‘keys to the kingdom’, these mistakes can be costly.

Better to trust your people, and, take out an insurance policy against human frailties, whether those be fat fingered mistakes, or willful misuse of responsibility.

In any environment especially the deployment of virtualized environments, strong identity management practices, and specifically control around privileged access, must be put in place. As BeyondTrust’s Jeff Nielsen says: “As the number of virtual hosts increases, there is a natural tendency to create islands of identity that are difficult to manage. As individual virtual servers are created that serve the needs of departmental applications, there will be typically be a push from the departments for them to own the access to the server, specifically the privileged access, in the name of departmental efficiency. As the number of identity sources increases, the prospect for orphaned or inappropriate privileged access increases. Without a well-orchestrated management scheme for identity management and privileged access, the company will soon lose control compromising security and audit compliance.”

Leave a Reply

Additional articles

ovum-research

New Analyst SWOT Assessment Identifies Key Strengths of PowerBroker

Posted November 24, 2014    Scott Lang

Following on the heels of the Gartner PAM market guide and Frost & Sullivan review of Password Safe comes a new analyst review of our BeyondInsight and PowerBroker platforms, a SWOT assessment of BeyondTrust written by Ovum. Ovum’s honest and thorough review of BeyondTrust indicates that we are delivering, “…an integrated, one-stop approach to PAM….

Tags:
, , ,

Patented Windows privilege management brings you unmatched benefits

Posted November 24, 2014    Scott Lang

We are pleased to announce that BeyondTrust has been granted a new U.S. Patent (No. 8,850,549) for privilege management, validating our approach to helping our customers achieve least privilege in Windows environments. The methods and systems that we employ for controlling access to resources and privileges per process are unique to BeyondTrust PowerBroker for Windows….

Tags:
6

A Quick Look at MS14-068

Posted November 20, 2014    BeyondTrust Research Team

Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what…

Tags:
, , , ,