Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 1 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Problem with privileged users should be reversed to show benefits

by The Gurus
June 19, 2014
in Editor's News
Share on FacebookShare on Twitter

The problem with privileged user access is caused by “super” user accounts that are generally shared by IT staff members to perform their job.
 
Speaking at the Identity Management conference in London, Jitender Arora, information and security risk executive in the financial services industry, said that users often need access to do their job and this means full access for individual accounts. However, this problem is compounded by number of orphan and dormant accounts left in the environment due to lack of effective account management processes.
 
He claimed that users often need privileged access to production IT assets to do their job on daily basis, and applications also need privileged accounts on systems to run as service or connect to other systems or databases for machine to machine communication. But the problem is that the number of privileged accounts on systems have grown significantly, posing the challenge of effective management of “Keys to the Kingdom”.
 
“Every IT asset needs at least one privileged account to run and every application installed on that IT asset also need at least one privileged account to run as service,” he said. “Any typical global organisation would have approximately 20,000+ IT assets, which means 40,000+ accounts minimum. Now, there are human users who manage these environments and they also need access to these IT assets. If you add up the numbers it becomes a monster figure”.
 
He said that it is easy to give super-user access to every person who manages IT assets as it is simple that way, but it gets really complicated and difficult to implement if you want to give individual restricted access based on least privilege and segregation of duties principle.
 
Arora admitted organisations are finding it difficult to keep track of who is coming in, who is moving and who is leaving the organization, and modify access accordingly but said that the best action is not to change the access controls on systems too much because of movement in user space.
 
“The number of accounts are up and down, and when someone leaves you have potential of orphan and dormant accounts. The knowledge of passwords for such orphan and dormant privileged accounts adds on to this problem and complicates the issue.” he said.
 
He said that everybody joining the organisation is given a laptop or desktop with standard set of controls i.e. data leakage controls, proxy controls, email encryption and laptop encryption and these controls are fit for purpose for day to day work conducted by all users e.g. checking emails, attending meetings, creating documents etc., however, a subset of the user population needs to have privileged access to IT systems that are running business applications that earn money for the organisation.
 
“These standard controls are not adequate for such privileged access while accessing production systems,” he said.
 
“You need a flexible mechanism to elevate controls (based on risk) when a user needs to logon to the production system in the privileged capacity. These controls can be adapted based on the level of risk by creating a fine balance between convenience and security. It’s very difficult to control how and when users access production systems unless we take the knowledge of credentials away. The future of privileged access management is providing access on need to use basis with different level of controls based on risk associated with the type of access.”
 
Asked why privileged user access is still a problem in 2014, Arora said: “A lot of the problems a
re in that we need to make too many changes to the production systems due to movement of users in the IT organisation. We don’t need to be making so many changes just because someone joins, moves or leave the IT support organisation.
 
“We need standard set of privileged accounts with granular access on production systems that are well controlled and managed, and a mechanism to provide access to these accounts to privileged users on need to use basis. If we can achieve this, we have a better chance of managing ‘Keys to the Kingdom’.”
 
Hans Zandbelt, senior technical architect at the CTO office at Ping Identity, said that rather than see it as an ongoing problem, we should look at reversing the situation to realise how privileged user access can be seen as a benefit for the company.
 
In another presentation, David Higgins, professional services manager for UK and Ireland at Cyber Ark, said: “According to Mandiant, 100 per cent of breaches involved stolen credentials and they were typically privileged that allow you to do whatever you want to do. When it is privileged, it is access to more information and Edward Snowden accessed the agent roster, and privilege that he had was something they needed to focus on when a user gets access and when it is used.
 
“Everyone has got a good grasp on the end-user, but not on privileged accounts and what was created for a project may not be properly documented. Understand what out there and when passwords changed, they may be ten years old, but if you understand the scope you can understand what to remove and manage.”

FacebookTweetLinkedIn
Tags: IAMIdentity
ShareTweetShare
Previous Post

Hacker puts hosting service code spaces out of business

Next Post

Maze prison records were unwittingly sold at an auction

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information