BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Transgression Tuesday: Ways to Avoid a Data Breach

Posted June 28, 2011    Peter McCalister

We’ve talked a lot about change, and how it’s one of the only things in the IT world that remains the same. Another constant is human nature- specifically our reactions when we do something we shouldn’t. People have this funny tendency to hide their wrong-doings: sweep them under a proverbial rug. The problem is that those rugs can turn into uncontrollable problems, and in the IT world mean the dreaded “D” word: Data Breach. Hiding bad habits and improper actions never cloak the issue, but allows the problem to compound until one day it becomes a raging war.

That being said, let’s shake out a couple rugs and bring to light some bad habits that could make your enterprise the next Sony. We’ll start with a couple- I’ve often found that when one bad habit is being practiced, others aren’t far behind. The last thing we want is to overwhelm you, so the two IT sins we’re bringing to your attention today are as follows:

1. Allowing all users to run with administrator rights/root credentials. Allowing everyone access to all IT resources only leaves your sensitive data in danger. Whether its accidental, inadvertent, or intentional, privileges get misused when your company’s assets are available to all.

2. Not running regular inventory of which users have what rights. With changing job descriptions, new hires, lay-offs, and the changing of projects, user privileges change frequently. It is therefore crucial that you analyze privileged identities on a frequent basis, as well. Think about how different Gucci’s story would have been if they had done this- their previous employee wouldn’t have been able to access the information he leaked.

Do you have these habits going on in your enterprise. Now is the time to fix them, before you have to deal with the ramifications of a data breach. Stay tuned for future Transgression Tuesdays- we’ll keep you up to date on warning signs to look out for and traps to avoid.

Leave a Reply

Additional articles

Troubleshooting Windows Privilege Management Rules with Policy Monitor

Posted August 21, 2014    Jason Silva

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side…

Tags:
, , ,
darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,
normal-blog-img

New IT Security Best Practices for Maintaining “Business as Usual” Despite Evolving Threats

Posted August 13, 2014    Morey Haber

It’s time to get back to business. Here in the U.S., summer vacations are wrapping up and businesses are looking forward to closing out 2014. Over the past year, we’ve seen several incidents that warrant changes in the ways consumers make purchases and businesses conduct transactions. Consider last week’s theft of a whopping 1.2 billion…

Tags:
, , ,