BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Confessions of an Informed IT Director

Posted April 8, 2011    Peter McCalister

Hi, my name is Barney, I’m an IT Director at a multi-national telecommunications company and it’s been 2 years, 4 months, 1 week, 3 days and 11 hours since my last failed audit. (All together now) HI BARNEY!

I know this is a support group for IT Directors suffering from governance, risk and compliance issues, and candidly I did have a  problem at one time.  I started out apathetic like Bob and then paranoid like Betty, but one day I came upon some research on least privilege and privilege identity management and the rest, as they say, is history.

What I learned is that there is a class of software that allows me to control access at a very granular level for my desktops, servers, virtual and cloud environments based on policy and role.  This way everyone now only has access to do what the company wants them to do but still is monitored at a keystroke or event level for audit, compliance and remediation issues.  I no longer have to fear insider attacks nor do I have to tolerate groups complaining that security controls inhibit productivity.  Whenever there is a need to change policy I can make a centralized modification and have it propagated enterprise wide as required.

So now I like to come to these meetings to hear other’s “horror stories in the making” to remind myself why I continue to foster a least privilege solution across my extended enterprise.

Leave a Reply

Additional articles

webinar1

On Demand Webinar: Advanced Windows Tracing

Posted April 17, 2015    BeyondTrust Software

Webinar: Security MVP, Paula Januszkiewicz, shows Windows administrators how to be more aware of what happens whenever somebody does something within the system.

Tags:
, ,
5

The Delicate Art of Remote Checks – A Glance Into MS15-034

Posted April 15, 2015    Bill Finlayson

Remote vulnerability detection – using ms15-034 as an example.

Tags:
, ,
databreach

2015 Verizon Data Breach Investigations Report: More End Users as Threats

Posted April 15, 2015    Scott Lang

The 2015 Verizon report says end users are the number one source of insider abuse incidents. Find out how to mitigate the risks.

Tags:
,