Most Organizations Fail to Protect Confidential Data: Report

 
 
By Sean Michael Kerner  |  Posted 2013-10-04 Email Print this article Print
 
 
 
 
 
 
 

New data from a Vormetric study shows that many organizations do not restrict the actions that a privileged user can take on a network.

One of the biggest data breaches of all time occurred not by a malicious external actor, but by IT contractor Edward Snowden, who was able to take privileged information from the National Security Agency (NSA). The fact that Snowden had access is not a unique problem for the NSA, according to a new study sponsored by security firm Vormetric.

"One of the big revelations in the survey is that 73 percent of respondents said they don't block privileged users from access to sensitive data," Vormetric CEO Allan Kessler told eWEEK.

The Vormetric-sponsored study was conducted by Enterprise Strategy Group and surveyed 700 IT security decision makers. Fifty-four percent of the survey respondents also indicated that it is now more difficult to protect against an insider threat than it was two years ago. There are several reasons for this, according to Kessler, among them being the growing use of cloud computing and virtualization. Contractors are also a particular challenge. Kessler noted that Snowden was a contractor and he had tremendous access to data.

"The fundamental problem is that the folks that have access to manage an internal system have incredible amounts of privileges," Kessler said.

He added that system administrators need to have privileged access to be able to manage servers and big data stores.

"However, very few organizations realize that they can keep privileged users from seeing data and still allow them to do their job," Kessler said.

The growing use of the cloud exacerbates the issue of privileged users. Kessler noted that when an enterprise puts its workloads in the cloud, those same privileged users can also see data and can potentially do damage.

Role-Based Access Control

The idea of role-based access control (RBAC) is one that has existed for decades in IT and still serves a core role in security information.



 
 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel