BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Who is To Blame When An Insider Breach Occurs?

Posted February 6, 2012    Peter McCalister

As I’ve waded through the hundreds of published insider breaches from just the last two years, what was a clear recurring theme was that of the vagaries of human nature. Not meaning to wax poetic, but it was always an individual who misused their own, or some other insider’s, privileged access authorizations to IT systems to their own devices and/or gains.

That begs two questions:

What sets these people on their path to misuse of privilege?
Are they personally responsible or is the organization’s lack of controls partially responsible as well?

As I have pointed out many times—at the intersection of people, processes, and technology that make up the engine of modern business—it’s human nature that is the weakest link. And, all too often, it’s the tendency of almost the entire IT industry—vendors, analysts, and press—to ignore this.

Put another way, you can’t rely on everyone being a saint or competent all of the time. It’s not just malicious malcontents intent on destroying the system who can cause havoc, but also the negligent, misinformed, and down-right nosey who can compromise sensitive data. In all cases, it’s more often than not the case that such people have way too much privilege access— admin rights on the desktop, root password on the server—for the role they are required to play.

Indeed, when technology is to blame, it’s not always the technology company’s use; it’s the failure to recognize the importance of technology, such as privileged identity management (PIM) systems, which can restrain over-privileged users without hampering productivity, which is at fault. With increasing costs arising from data breaches, including cleanup costs, as well as customer churn due to diminished trust, it makes sense not to rely on trust alone when it comes to employee and third-party access to sensitive data.

Leave a Reply

Additional articles

pbps-blog2

10 Ways to Ensure Your Privileged Password Management Strategy Will Succeed

Posted April 27, 2015    Scott Lang

Leveraging complex, frequently updated passwords is a basic security best practice for protecting privileged accounts in your organisation. But if passwords are such a no-brainer, why do so many data breaches tie back to poor password management?

Tags:
, , , , , , , ,
beyond-trust

PowerBroker for Windows – Most Innovative IAM Solution by Cyber Defense Magazine

Posted April 21, 2015    Scott Lang

PowerBroker for Windows has been selected as a winner by the 2015 Cyber Defense Magazine Awards Program in the category of “Most Innovative Identity and Access Management Solution”.

Tags:
, , ,
pbps-customer-campaign-image

Are you changing your passwords as often as the weather changes?

Posted April 20, 2015    Scott Lang

There is one thing that should change more frequently than the weather: Your privileged passwords. Why? If you’re like more than 25% of companies out there, then your current IT environment contains unmanaged accounts putting you at risk of data breaches and compliance violations, and you don’t have a process to control those accounts.

Tags:
, , , ,