Most Organizations Fail to Protect Confidential Data: Report
New data from a Vormetric study shows that many organizations do not restrict the actions that a privileged user can take on a network.One of the biggest data breaches of all time occurred not by a malicious external actor, but by IT contractor Edward Snowden, who was able to take privileged information from the National Security Agency (NSA). The fact that Snowden had access is not a unique problem for the NSA, according to a new study sponsored by security firm Vormetric. "One of the big revelations in the survey is that 73 percent of respondents said they don't block privileged users from access to sensitive data," Vormetric CEO Allan Kessler told eWEEK. The Vormetric-sponsored study was conducted by Enterprise Strategy Group and surveyed 700 IT security decision makers. Fifty-four percent of the survey respondents also indicated that it is now more difficult to protect against an insider threat than it was two years ago. There are several reasons for this, according to Kessler, among them being the growing use of cloud computing and virtualization. Contractors are also a particular challenge. Kessler noted that Snowden was a contractor and he had tremendous access to data. "The fundamental problem is that the folks that have access to manage an internal system have incredible amounts of privileges," Kessler said.
He added that system administrators need to have privileged access to be able to manage servers and big data stores.