BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Insider Hero Introduced: Compliance Carl

Post by Peter McCalister July 22, 2011

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This sixth and final introduction will be of the most unlikely hero.

“Compliance Carl” is is your classic auditor responsible for regulatory compliance reporting and auditing of IT policies for enforcement of corporate governance. Carl has two sides. The unassuming, nose-to-the-grindstone side worries about system processes and productivity. And the assertive, give-‘em-no-quarter’ side worries about human mistakes and malice.

Carl is about dualities: part technical analyst, part financial analyst. At his best Carl is part Sherlock Holmes and part Judge Judy. At his worst he is part Homer Simpson and part Harvey Two-Face.

Most business and IT executives alike tremble when Compliance Carl comes around because they know their practices and systems will be scrutinized. Part of this generalized fear is the black and white nature of a compliance audit. At the end they will either pass or fail. A failing mark can mean anything from small policy changes required to massive financial fines.

Because these decisions are almost solely at the discretion of the type of Compliance Carl you have in your organization, the difference between the “Holmes/Judy” version can be dramatically different that the “Simpson/Two-face” version without a least privilege solution.

Leave a Reply

Additional articles

Vulnerability Expert Forum Highlights: April 2014

We had a great turnout for last week’s April 2014 Vulnerability Expert Forum (VEF) webcast. BeyondTrust Research experts, Carter and DJ, provided in-depth knowledge about the latest vulnerabilities and their potential impacts on network environments. Below are highlights from the Forum, plus an on-demand video of the presentation. Latest critical vulnerabilities, vendor patches, and zero-day…

Post by Chris Burd April 16, 2014
Tags:
, , , , ,
BI-5.1-user-asset-visibility-img

Understanding Who Has Access to What with BeyondInsight v5.1

Today, it’s my pleasure to introduce you to BeyondInsight version 5.1, the latest release of our IT Risk Management platform, which unifies several of our solutions for Privileged Account Management and Vulnerability Management. BeyondInsight v5.1 embodies BeyondTrust’s mission to give our customers the visibility they need to make smart decisions and reduce risk to their…

Post by Morey Haber April 15, 2014
Tags:
, , , , , , , , , , , ,

PowerBroker for Unix & Linux Now Available via Web Services

This week BeyondTrust released a fully functional Web Services interface (REST API) for its PowerBroker for Unix & Linux product.  With this new feature users of the solution will now be able to remotely and securely configure and retrieve data via the API.  The Web Services interface implemented by BeyondTrust is an industry standard that…

Post by Paul Harper April 10, 2014
Tags:
, , , , ,