How to Mitigate Insider Threat Without Disrupting Business - Integrating Policy Control (Page 3 of 3)
Integrating policy control
Establishing this control process should be accompanied by a log of
all actions taken by the administrator. Integrating policy control into
centralized master hosts or directories helps streamline management,
particularly in the sometimes laborious task of removing a terminated
user's data access. With the right software, used to establish the
right process, the same tasks discussed above can be extended across
thousands of hosts, with minimal labor by one administrator.
While a strong process-based approach is important for privileged
access to an organization, it also benefits the administrators who
work in the organization. When a company is unsure about which
administrator has accessed a privileged account, it is also unsure
about where to assign the blame when an issue related to that
privileged access occurs.
In a process-based system with a detailed audit trail, it can
quickly be learned who has accessed a privileged account and what
operations they performed. Whether the problem was caused by
malicious intent or a simple error, the situation can be addressed
appropriately with the administrator who created the problem. All the
other administrators are cleared from the shadow of doubt, as there is
positive evidence that their actions were not responsible for the
problem. As an auditor once told me, "proof of innocence is a powerful
thing."
Integration with Active Directory
Active Directory is an exceptional tool for centralized
authentication and account access management. However, Active
Directory’s authentication and policies do not natively extend to
UNIX/Linux systems. Software can be used to establish more complete
control of accounts within an organization by integrating UNIX and
Linux hosts into the Active Directory ecosystem. What becomes truly
helpful is a process where a user can be given a single password for
all environments with the same security settings. This reduces constant
access requests and helps to more efficiently manage account
information.
Once integration with Active Directory has been established, IT
managers need to make sure it is cohesive with the other processes
outlined above. A good system will streamline user management
functions across multiple platforms, saving time and energy. This
helps with both terminating a user account and removing temporary
privileged access from a given user.
To conclude, the process-based system is an essential step in
securing your IT infrastructure from the inside. Trust, while a nice
ideal, is simply not practical when looking to safeguard your most
sensitive data from the bad eggs out there. With the right software,
and a straightforward and minimally intrusive process, an
organization can achieve an airtight set of security processes
that does not disrupt workflow or alienate IT administrators.
Jeff Nielsen is Director of Development at Symark International.
Jeff has more than 20 years of IT experience on both the enterprise and
vendor side. He has experience in development, technical
support, product management, services, operations and business
management. Prior to joining Symark, Jeff worked as an
independent consultant, managing software implementation and
development projects. He has also held management positions at software
vendor CA, Inc., as well as IT management positions at Zenith
Insurance and Tecolote Research. He can be reached at jnielsen@symark.com.