A Paradigm Shift Is Needed
The sticky area has always been the way that organizations grant trust and the amount of power given to a user once that trust has been granted. There has to be a shift in paradigm. Companies should still aim to establish trust (with background investigations and such) when they engage with partners, employees, etc. However, organizations can no longer extend that level of trust to things as powerful as information systems and technology and, in particular, those trusted to administer and manage these platforms.
Commonly, a system admin gets a background check, gains clearance and is handed the ultimate access to government or company information and infrastructure. Not anymore. Companies need to move to a zero-trust model to enforce written policy with technology.
At a minimum, the WikiLeaks loss should sound an alarm for access control of privileged users such as Web and system administrators. The potential for loss is too great to expect that all people are going to pay attention to a memo or follow the employee handbook. After all, it only took one bad seed for WikiLeaks to occur.