A Paradigm Shift Is Needed

By Ken Ammon  |  Posted 2011-02-15

The sticky area has always been the way that organizations grant trust and the amount of power given to a user once that trust has been granted. There has to be a shift in paradigm. Companies should still aim to establish trust, with background investigations and such, when they engage with partners, employees, etc. However, organizations can no longer extend that level of trust to things as powerful as information systems and technology and, in particular, those trusted to administer and manage these platforms.

Commonly, a system admin gets a background check, gains clearance and is handed the ultimate access to government or company information and infrastructure. Not anymore. Companies need to move to a zero-trust model to enforce written policy with technology.

At a minimum, the WikiLeaks loss should sound an alarm for access control of privileged users such as Web and system administrators. The potential for loss is too great to expect that all people are going to pay attention to a memo or follow the employee handbook. After all, it only took one bad seed for WikiLeaks to occur.

Ken Ammon is Chief Strategy Officer at Xceedium. A recognized expert in security issues, Ken joined Xceedium from LookingGlass, a high-technology consulting firm that advises corporations and private equity funds on emerging security trends and technologies. Prior to LookingGlass, Ken was founder and president of managed security services provider NetSec. A noted security expert in matters relating to the federal government, Ken has testified before the House Government Reform Committee on dramatic security vulnerabilities affecting sensitive government information and infrastructure. Ken has also served as an adjunct faculty member at the National Cryptologic School where he was recognized with the Scientific Achievement Award. Ken began his career in the United States Air Force where he was a captain assigned to the National Security Agency. He can be reached at kammon@xceedium.com.
