BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Transgression Tuesday: Ways to Avoid a Data Breach

Posted June 28, 2011    Peter McCalister

We’ve talked a lot about change, and how it’s one of the only things in the IT world that remains the same. Another constant is human nature- specifically our reactions when we do something we shouldn’t. People have this funny tendency to hide their wrong-doings: sweep them under a proverbial rug. The problem is that those rugs can turn into uncontrollable problems, and in the IT world mean the dreaded “D” word: Data Breach. Hiding bad habits and improper actions never cloak the issue, but allows the problem to compound until one day it becomes a raging war.

That being said, let’s shake out a couple rugs and bring to light some bad habits that could make your enterprise the next Sony. We’ll start with a couple- I’ve often found that when one bad habit is being practiced, others aren’t far behind. The last thing we want is to overwhelm you, so the two IT sins we’re bringing to your attention today are as follows:

1. Allowing all users to run with administrator rights/root credentials. Allowing everyone access to all IT resources only leaves your sensitive data in danger. Whether its accidental, inadvertent, or intentional, privileges get misused when your company’s assets are available to all.

2. Not running regular inventory of which users have what rights. With changing job descriptions, new hires, lay-offs, and the changing of projects, user privileges change frequently. It is therefore crucial that you analyze privileged identities on a frequent basis, as well. Think about how different Gucci’s story would have been if they had done this- their previous employee wouldn’t have been able to access the information he leaked.

Do you have these habits going on in your enterprise. Now is the time to fix them, before you have to deal with the ramifications of a data breach. Stay tuned for future Transgression Tuesdays- we’ll keep you up to date on warning signs to look out for and traps to avoid.

Leave a Reply

Additional articles

powerbroker-for-mac-diagram-small

PowerBroker for Mac: A Least-Privileged Apple a Day…

Posted July 27, 2015    Jason Silva

BeyondTrust PowerBroker for Mac reduces the risk of privilege misuse by enabling standard users on Mac OS X to perform administrative tasks successfully without entering elevated credentials.

Tags:
, ,
PrivilegedAccountManagement

On Demand Webinar – Now is the time for Privileged Account Management

Posted July 24, 2015    BeyondTrust Software

In this webinar, SANS Instructor and Founder of Voodoo Security, Dave Shackleford, will revisit several hacking and breach scenarios that involved privileged accounts, and use these as examples while discussing tools and tactics to get this problem under control once and for all.

Tags:
, ,
dave-shackleford-headshot

Privileged Account Management: The Time is Now

Posted July 22, 2015    Dave Shackleford

There’s plenty of problems we don’t have great options for in InfoSec today. Malware is a pain point that keeps evolving rapidly. 0-day exploits are tough to prepare for. Privileged account management? We got this. We know the root causes, we know how it manifests, we know how to get it under control effectively, and there are great technology solutions that are enterprise-class.

Tags:
, ,