BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Computerworld’s Advice Still Relies Too Much on Trust

Post by Peter McCalister November 17, 2010

In a Computerworld article, last week, exploring the ‘scary side of virtualization’, the reporter, took some time out in a sidebar, to offer some sage staffing advice.

His riposte, ‘Beware the All-Powerful Admin’, made clear the risk of giving server admins the ‘keys to the kingdom’ – not a good thing so consultants and IT execs unanimously agree.

They might for example create virtual FTP servers ‘or they may inadvertently use a virtual-machine migration tool to move a server onto different hardware for maintenance reasons, without realizing that the new host is on an untrusted network segment.’

His sage advice, is to establish a clear separation of duties in virtual infrastructures, and develop a strong change-management process that includes issuing change management tickets.

BeyondTrust, naturally would agree, but with one caveat. Businesses don’t rely on trust alone. BeyondTrust’s name doesn’t invite businesses to put their faith in some kind of metaphysical state that transcends our human frailties, it simply invites you to recognize that people can and do make mistakes, and when they are people with the ‘keys to the kingdom’, these mistakes can be costly.

Better to trust your people, and, take out an insurance policy against human frailties, whether those be fat fingered mistakes, or willful misuse of responsibility.

In any environment especially the deployment of virtualized environments, strong identity management practices, and specifically control around privileged access, must be put in place. As BeyondTrust’s Jeff Nielsen says: “As the number of virtual hosts increases, there is a natural tendency to create islands of identity that are difficult to manage. As individual virtual servers are created that serve the needs of departmental applications, there will be typically be a push from the departments for them to own the access to the server, specifically the privileged access, in the name of departmental efficiency. As the number of identity sources increases, the prospect for orphaned or inappropriate privileged access increases. Without a well-orchestrated management scheme for identity management and privileged access, the company will soon lose control compromising security and audit compliance.”

Leave a Reply

Additional articles

BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,

Are you a Target? Investigating Security Breaches with Kevin Johnson

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Post by Chris Burd April 17, 2014
Tags:
, , , , ,