|By Business Wire||
|November 26, 2012 08:05 AM EST||
Today, on Cyber Monday, online retailers and banks are bracing for the likelihood of increased data breaches and security threats, while online shoppers are taking extra precautions to protect personal information. Every day, Americans trust that the corporate and government IT systems handling their critical identity information, such as credit card numbers, social security numbers and tax returns, are equipped with appropriate security measures to keep personal data safe. Heightening awareness of potential security risks is an essential step to thwarting malicious attacks. All too often, however, public and private entities must also recognize that even more risky exposure exists when administrative privilege is exploited, regardless whether by external adversaries or internal threats. Quest Software (now part of Dell) has a deep understanding of the problems organizations face when they don’t properly control and audit administrative access and “super-user” accounts.
According to a survey conducted earlier this year at The Experts Conference, an annual gathering of global IT pros co-sponsored by Quest and Microsoft, half of the responding organizations reported that their No. 1 compliance issue is ensuring correct user access rights (including privileged user access). In the case of managing privileged accounts, this challenge intensifies when administrators are given the “keys to the kingdom,” with far-reaching, shared anonymous access rights to vital IT systems. In the private sector, failure to manage access to information and compliance with security mandates can mean lost revenues, failed audits and damage to the brand. In government, managing user access rights represents a high stakes game in which getting out ahead of emerging threats is a matter of national security. To this point, Privileged Account Management is noted in many security standards, including ISO 27001 and NIST 800-53. A new report developed by Enterprise Management Associates, on behalf of Quest, identifies inadequate administrative access controls as “one of the most egregious IT risk gaps in many organizations.”
The report, “Why You Need to Consider Privileged Access Management (And What You May Not Know About It That You Should),” examines some of the most common excuses companies give to justify this oversight, and offers useful insight into how modern Privileged Account Management (PAM) practices and corresponding technology solutions can close the risk gap with flexible policy control, automated workflows and comprehensive reporting to enhance security, achieve compliance and improve efficiency.
To further help CXOs avert these all-to-common security risks, Quest offers three pragmatic tips:
1. Assign individual accountability to super-user activity
Shared and unmanaged administrative access is more than just a bad idea—it’s one of the fastest and easiest ways to expose an organization to undue risk, especially since these super-user accounts typically have extensive power over IT operating systems, applications, databases, etc. With shared accounts, any security or compliance breach can be traced back only to the account, and not to an individual administrator using that account.
A much better approach to risk containment involves granting administrators access rights only to what they need, as they need it, nothing more or less. Credentials should be issued only on an as-needed basis, accompanied by a full audit trail of who used them, who approved the use, what they did with them, as well as how and why they received them – and the password should be immediately changed once the use is completed. The ability to automate and secure this entire process is an effective way to manage administrative access across an entire organization. Similarly, PAM is essential to enabling federal, state and local agencies to work together, and can make or break government-wide information sharing and collaboration.
2. Implement and enforce a “least privilege” security stance for administrative access
Many administrative accounts, including those for Unix root, Windows or Active Directory admin, DBA, etc., provide unlimited permissions within their scope of control, and, when shared, open the door for malicious activity. For example, the widely publicized security breach at Fannie Mae involved an employee who used this type of super-user access to maliciously plant a logic bomb that, if undiscovered, would have crippled the entire organization and compromised the personal and financial information of approximately 1,100 people.
A more prudent approach is to establish a policy that clearly defines what each administrator (or administrator role) can and cannot do with their access. Since this process can be complicated and often difficult to enforce across diverse systems, Quest recommends the addition of granular delegation tools that are optimized for the designated platforms, and integrated with other PAM technologies such as a privilege safe, multifactor authentication or Active Directory bridge.
3. Reduce privileged account management complexity
One of the overarching PAM challenges comes from navigating diverse IT systems, each with their own unique capabilities and requirements for privileged account management. This often results in the use of specialized tools, along with ad-hoc policies and practices to control privileged account access. Unfortunately, this approach frequently complicates the audit process, making it difficult to prove that all access is controlled and that separation-of-duties principles are established and enforced.
For that reason, consolidating disparate systems into a common identity structure creates an environment where a single PAM approach can be readily enforced with greater consistency across a much larger portion of an organization, eliminating errors borne from multi-system complexity, reducing risk and lowering the expense of managing multiple systems. In addition, any consolidation of PAM capabilities under a common management and reporting interface provides enhanced efficiency.
The EMA report referenced above indicates that organizations focused on achieving a high level of discipline in configuration and change management tend to have better outcomes, not only in lower incidences of disruptive security events, but in better IT reliability, less unplanned IT work, more successful IT changes, higher server-to-system administrator ratios, and more IT projects completed on time and within budget.
Quest® One Identity Solutions Centralize and Simplify Privileged Account Management
Quest Software provides a modular, yet integrated, approach to identity and access management, specifically Privileged Account Management that controls insider threats and improves IT efficiency, as it enables organizations to eliminate the dangers of unchecked super-user access, adverse audit findings, direct penalties, and negative press exposure.
Jackson Shaw, senior director of product management, Quest Software
“Privileged Account Management will be one of the fastest-growing areas of IAM over the next few years, for good reason. Most of the recent high-profile security breaches, including the UBS Paine Webber attack and the City of San Francisco breach, happened due to lack of control over privileged accounts. What’s more, these breaches do not discriminate; they can cause equally horrific damage to any organization, no matter how large or small. It’s time for companies to take note of the severe security risk posed by poor PAM practices, and seek out a comprehensive solution befitting the task. Quest One offers a complete set of PAM capabilities, providing comprehensive controls in a flexible, modular architecture.”
Scott Crawford, Enterprise Management Associates (EMA)
“Poor controls over administrative access have resulted in real damage. PAM capabilities can help mitigate such risks and improve controls, through techniques such as ‘privilege safe’ technologies that deliver a more disciplined approach to control that supports responsible IT governance. Quest helps IT improve performance and reduce support costs by closing one of the most readily managed gaps of all: the weakness exposed when individuals have broad, anonymous, and unmonitored administrative access to the most sensitive capability in IT.”
- To see how your identity and access management performance compares to the best-in-class, take a free interactive assessment
- View demonstrations and videos: http://communities.quest.com/community/iam/blog/2012/07/28/6-new-demo-videos-privileged-account-management-solutions
- More Quest news: http://www.quest.com/newsroom/
- Twitter: http://twitter.com/quest
- Facebook: http://www.quest.com/facebook
- LinkedIn: http://www.linkedin.com/
- Quest TV: http://www.quest.com/tv/
About Quest Software (now a part of Dell)
Dell Inc. (NASDAQ: DELL) listens to customers and delivers innovative technology and services that give them the power to do more. Quest, now a part of Dell’s Software Group, provides simple and innovative IT management solutions that enable more than 100,000 global customers to save time and money across physical and virtual environments. Quest products solve complex IT challenges ranging from database management, data protection, identity and access management, monitoring, user workspace management to Windows management. For more information, visit http://www.quest.com or http://www.dell.com.
- Quest news releases: http://www.quest.com/rss/news-releases.aspx
Dell is a trademark of Dell Inc. Dell disclaims any proprietary interest in the marks and names of others.
Quest, Quest Software, and the Quest logo are trademarks or registered trademarks of Quest Software in the United States and certain other countries. All other names mentioned herein may be trademarks of their respective owners.
SYS-CON Events announced today that StarNet Communications will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. StarNet Communications’ FastX is the industry first cloud-based remote X Windows emulator. Using standard Web browsers (FireFox, Chrome, Safari, etc.) users from around the world gain highly secure access to applications and data hosted on Linux-based servers in a central data center. ...
Aug. 28, 2016 12:15 PM EDT Reads: 810
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build their business on public cloud were challenged to run Big Data processing and analytics at scale. But recent advancements in Hadoop performance, security, and most importantly cloud-native integrations, are giving organizations the ability to truly gain value from all their data. In his session at 19th Cloud Expo, David Tishgart, Director of Product Marketing ...
Aug. 28, 2016 11:45 AM EDT Reads: 632
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Aug. 28, 2016 11:30 AM EDT Reads: 1,937
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
Aug. 28, 2016 11:00 AM EDT Reads: 3,110
There is growing need for data-driven applications and the need for digital platforms to build these apps. In his session at 19th Cloud Expo, Muddu Sudhakar, VP and GM of Security & IoT at Splunk, will cover different PaaS solutions and Big Data platforms that are available to build applications. In addition, AI and machine learning are creating new requirements that developers need in the building of next-gen apps. The next-generation digital platforms have some of the past platform needs a...
Aug. 28, 2016 11:00 AM EDT Reads: 655
SYS-CON Events announced today Telecom Reseller has been named “Media Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
Aug. 28, 2016 10:45 AM EDT Reads: 810
As the world moves toward more DevOps and Microservices, application deployment to the cloud ought to become a lot simpler. The Microservices architecture, which is the basis of many new age distributed systems such as OpenStack, NetFlix and so on, is at the heart of Cloud Foundry - a complete developer-oriented Platform as a Service (PaaS) that is IaaS agnostic and supports vCloud, OpenStack and AWS. Serverless computing is revolutionizing computing. In his session at 19th Cloud Expo, Raghav...
Aug. 28, 2016 10:30 AM EDT Reads: 866
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
Aug. 28, 2016 10:30 AM EDT Reads: 4,014
Enterprises have forever faced challenges surrounding the sharing of their intellectual property. Emerging cloud adoption has made it more compelling for enterprises to digitize their content, making them available over a wide variety of devices across the Internet. In his session at 19th Cloud Expo, Santosh Ahuja, Director of Architecture at Impiger Technologies, will introduce various mechanisms provided by cloud service providers today to manage and share digital content in a secure manner....
Aug. 28, 2016 09:30 AM EDT Reads: 759
StarNet Communications Corp has announced the addition of three Secure Remote Desktop modules to its flagship X-Win32 PC X server. The new modules enable X-Win32 to safely tunnel the remote desktops from Linux and Unix servers to the user’s PC over encrypted SSH. Traditionally, users of PC X servers deploy the XDMCP protocol to display remote desktop environments such as the Gnome and KDE desktops on Linux servers and the CDE environment on Solaris Unix machines. XDMCP is used primarily on comp...
Aug. 28, 2016 09:30 AM EDT Reads: 702
Fact: storage performance problems have only gotten more complicated, as applications not only have become largely virtualized, but also have moved to cloud-based infrastructures. Storage performance in virtualized environments isn’t just about IOPS anymore. Instead, you need to guarantee performance for individual VMs, helping applications maintain performance as the number of VMs continues to go up in real time. In his session at Cloud Expo, Dhiraj Sehgal, Product and Marketing at Tintri, wil...
Aug. 28, 2016 07:30 AM EDT Reads: 776
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
Aug. 28, 2016 07:00 AM EDT Reads: 2,402
SYS-CON Events announced today that Isomorphic Software will exhibit at DevOps Summit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Isomorphic Software provides the SmartClient HTML5/AJAX platform, the most advanced technology for building rich, cutting-edge enterprise web applications for desktop and mobile. SmartClient combines the productivity and performance of traditional desktop software with the simp...
Aug. 28, 2016 03:30 AM EDT Reads: 2,360
With so much going on in this space you could be forgiven for thinking you were always working with yesterday’s technologies. So much change, so quickly. What do you do if you have to build a solution from the ground up that is expected to live in the field for at least 5-10 years? This is the challenge we faced when we looked to refresh our existing 10-year-old custom hardware stack to measure the fullness of trash cans and compactors.
Aug. 28, 2016 02:00 AM EDT Reads: 1,783
Extreme Computing is the ability to leverage highly performant infrastructure and software to accelerate Big Data, machine learning, HPC, and Enterprise applications. High IOPS Storage, low-latency networks, in-memory databases, GPUs and other parallel accelerators are being used to achieve faster results and help businesses make better decisions. In his session at 18th Cloud Expo, Michael O'Neill, Strategic Business Development at NVIDIA, focused on some of the unique ways extreme computing is...
Aug. 28, 2016 01:45 AM EDT Reads: 2,163