BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

The Intersection of Policy, Technology & People

Post by Peter McCalister May 16, 2011

Lot’s of things come in threes. You can’t get fire unless you have heat, fuel and oxygen and a great swing just needs a tree, a tire and some rope. Turns out that you also can’t get to a least privilege environment unless you’ve dealt with the intersection of policy, technology and people.

Achieving least privilege isn’t as elusive as one might perceive and it certainly is one of the key requirements to eliminate the misuse of privilege throughout the extended enterprise (physical servers and desktops, cloud and virtual environments) or to greatly mitigate the risk of an insider breach. We have reported extensively on the cost of intentional, accidental and indirect misuse of privilege as well as highlighted numerous examples where insider breaches have cost organizations millions of dollars in the blog over the last year.

So why is it that most organizations still struggle with the decision to implement a least privilege solution let alone the steps necessary to implement it correctly? All too often, the solution is simple if one just steps back and chooses not to over-complicate the requirements. In this case the 3 step process would be:

Decide to invest in eliminating insider threats with as much tenacity and urgency as you have in preventing outsider threats.
Determine which roles (people) should have access/authorization to do what (policy) and implement a least privilege solution (technology) that enforces those policies to those people.
Monitor, measure and refine for further improvements as well as satisfy governance and compliance audit requirements.

Leave a Reply

Additional articles

insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,

Are you a Target? Investigating Security Breaches with Kevin Johnson

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Post by Chris Burd April 17, 2014
Tags:
, , , , ,

Vulnerability Expert Forum Highlights: April 2014

We had a great turnout for last week’s April 2014 Vulnerability Expert Forum (VEF) webcast. BeyondTrust Research experts, Carter and DJ, provided in-depth knowledge about the latest vulnerabilities and their potential impacts on network environments. Below are highlights from the Forum, plus an on-demand video of the presentation. Latest critical vulnerabilities, vendor patches, and zero-day…

Post by Chris Burd April 16, 2014
Tags:
, , , , ,