BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Getting a gold star in compliance

Posted July 9, 2013    Mike Yaffe

gold-starYou know I realize that I’m getting older after I lived through “this is gonna be the big year for PKI (heard that for 4 straight years, and I’m still waiting)”, or “everyone will have a digital certificate on all their credit cards next year”, or “security and compliance are two different things.” As for that last one about compliance, I know that now as well as I know the 1986 Red Sox starting infield (Wade Boggs, Spike Owen Marty Barrett, and Billy Buckner…not going there right now) – but trust me there was time that SOX, HIPAA, and PCI were very new and their introduction cased a lot of major anxiety in the security industry. Would there actually be industry standardization, penalties and fines for non-compliance? Who would actually own that? Would you still get funding for specific security mandates and how often would the auditors come in to check on us? While these and other regulations did require certain types of information security to be implemented,  if it wasn’t mandated in the regulation itself,  a lot of times it didn’t get done or the project simply didn’t get funded.

If you could poll security professionals privately they would cop to the fact that these regulations were put in place as a platform for minimum operational security standards. They set a baseline, and once the minimum was done organizations were supposed to take the next step, but in reality that didn’t happen. Organizations were so wrapped around the check box axle that not much else really got done. Question, how many of you out there teach your kids to do ONLY the bare minimum and just do what you have to get by? We all want them to get that gold star and for our kids to be people who excel. So why should we settle for less than a gold star in our information security programs?

Recently I read that Gartner’s Anton Chuvakin said that some retailers are scanning MORE than the ¼ requirement for PCI.

Most of the security programs I see, people are trying really hard, but they are seriously understaffed and underfunded, and they are doing what they can when they can. I’d be surprised if most organizations are only doing scanning quarterly. I think security practitioners were hoping these rules and reg’s would be something more than they are. It appears that organizations are beginning to understand that the minimum is not going to cut it and rather they have to be vigilant. No one wants to be told what to do and when to do, and if more organizations or industries step up like retail, then gold stars for everyone.

Tags:
, , , , , , ,

Leave a Reply

Additional articles

PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,
PowerBroker for Windows tamper protection

PowerBroker for Windows 6.6 Tamper Protection

Posted July 18, 2014    Morey Haber

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy…

Tags:
, ,
PowerBroker for Windows can be configured to automatically identify the end user’s language preference

Implementing Least Privilege Around the World with PowerBroker for Windows

Posted July 17, 2014    Morey Haber

BeyondTrust recognizes that international, multilingual businesses have unique operating challenges, especially when it comes to implementing enterprise software. PowerBroker for Windows is a least-privilege solution often deployed across thousands of systems spanning multiple geographies and protecting users of diverse backgrounds. Earlier this year, PowerBroker for Windows introduces new data privacy features for EMEA and APAC,…

Tags:
, ,