How to Mitigate Insider Threat Without Disrupting Business
Mitigating insider threat has emerged as one of the most serious IT security challenges. Many organizations still debate about how best to secure their IT infrastructure from the inside, and to address the problem without alienating employees and IT administrators. Using a process-based system, Knowledge Center contributor Jeff Nielsen explains how an organization can follow an airtight set of security processes that does not disrupt workflow or alienate IT administrators.
One of the most fundamental methods of controlling insider threat in a company is to manage and monitor both user and privileged access to critical systems and data. Very commonly, companies rely on the trust-based approach to "manage" access control. Simply trusting IT administrators with virtual "keys to the kingdom" may be appropriate in some cases, but for the most part, it is an extremely dangerous proposition that could have disastrous consequences. Admittedly, a trust-based system (essentially assuming that an IT administrator will behave properly with access to sensitive company data) is actually adequate in most cases. Most IT administrators are not interested in stealing, abusing or manipulating data in their organization. However, all it takes is one frustrated IT administrator to expose employee and customer data, thereby compromising a company's customers, reputation and revenue.
Perhaps the most obvious example of the failings of the trust-based system was the recent lockdown of San Francisco's computer network by a network administrator. Unhappy over the way his office was being run, he set all the administrative passwords on the network devices to passwords known only to him. He used the justification that he required exclusive access to the systems to ensure that they were running properly. When he refused to divulge the passwords, he was arrested. Still, no one could access the administrative accounts of the network devices.