BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Confessions of a Paranoid IT Director

Posted April 6, 2011    Peter McCalister

Hi, my name is Betty, I’m an IT Director at a large utility company and it’s been 1 week since my VP of Software Development complained that security was locked down too tight to get anything done. (All together now) HI BETTY!

I know this is a support group for IT Directors suffering from governance, risk and compliance issues, but candidly I don’t acknowledge that I, or my organization, has a problem.  I’ve locked down every network, server, desktop, cloud and virtual environment so tightly that it takes a call to the help desk anytime someone needs admin rights to do anything.  Sure, our help desk costs skyrocketed, but this way I have complete control over who does what to our IT systems and can guarantee security to my boss.

The other problem that I have to ignore frequently is the VP of the Software Development organization who is constant complaining that his team can’t get anything done and will be missing their deadlines because of my security policies.  He is now threatening to break into our data center and reprogram all security policies one night, so I am evaluating new physical security measures as well.

I recently saw an ad for Guido the Gorilla who is trained to protect IT assets the old fashioned way…with intimidation and brute force.  Do you think he will be worth the investment or not worth his weight in bananas?

Leave a Reply

Additional articles

flash-logo

Adobe Patches Zero-Day Flaw Being Exploited in the Wild

Posted January 22, 2015    BeyondTrust Research Team

Earlier this week, French malware researcher Kafeine reported on a new Adobe Flash zero-day vulnerability that was being exploited in the wild using the latest versions of the Angler Exploit Toolkit. “Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to 16.0.0.287 (included) is installed and enabled”…

Tags:
, , , , ,

Your Data Security Strategy Starts with Deploying a Least Privilege Model (part 2 of 2)

Posted January 22, 2015    Scott Lang

In last week’s blog, we talked about how controls and accountability must be put into place so that only the right folks can access data and the systems on which that data resides, and that employing a least privilege model helps to achieve that and more. We’re using conclusions and data from a recent report…

Tags:
, , , ,
Larry-Brock-CISO

Basic Blocking and Tackling for Defending Against Advanced Targeted Attacks

Posted January 22, 2015    Larry Brock

With football season at its pinnacle at both the college and professional levels, the best teams continually focus on the fundamentals that make them successful. In security, we need to do the same.  It is okay for us to have a few key plays, especially in certain industries where we have to focus on unique…

Tags:
, , , , ,