
    How to Mitigate Insider Threat Without Disrupting Business

    By Jeff Nielsen, February 11, 2009

      One of the most fundamental methods of controlling insider threat in a company is to manage and monitor both user and privileged access to critical systems and data. Very commonly, companies rely on the trust-based approach to “manage” access control. Simply trusting IT administrators with virtual “keys to the kingdom” may be appropriate in some cases, but for the most part, it is an extremely dangerous proposition that could have disastrous consequences.

      Admittedly, a trust-based system (essentially assuming that an IT administrator will behave properly with access to sensitive company data) is actually adequate in most cases. Most IT administrators are not interested in stealing, abusing or manipulating data in their organization. However, all it takes is one frustrated IT administrator to expose employee and customer data, thereby compromising a company’s customers, reputation and revenue.

      Perhaps the most obvious example of the failings of the trust-based system was the recent lockdown of San Francisco’s computer network by a network administrator. Unhappy over the way his office was being run, he set all the administrative passwords on the network devices to passwords only known to him. He used the justification that he required exclusive access to the systems to ensure that they were running properly. When he refused to divulge the passwords, he was arrested. Still, no one could access the administrative accounts of the network devices.

      In the end, he did hand over the passwords. This entire ordeal resulted in the local government in San Francisco losing money and credibility. Then pile the recent Intel, Société Générale and other insider scandals on top, and it becomes clear what one employee can do without a process-based system in place.

      Process-based Systems: What They Are, What They Do

      Based around a few key principles, a process-based system, when executed properly, allows a company to prevent these incidents without disrupting the general flow of business. Allowing privileged access is an essential part of the business process. Most organizations, however, simply hand privileged account passwords to their administrators, trusting that they will use them appropriately, without any consideration for what happens next. Even worse, many organizations have no IT audit system in place to keep track of who has access to these privileged accounts.

      To manage privileged accounts, software must be in place to manage temporary or restricted access and to implement a process for obtaining access to those privileged accounts. Software solutions should be used to establish a detailed process, calling for justification from the administrator who is requesting privileged access (potentially requiring approval of that access by another individual in the organization), and creating an audit trail of all the steps in validating this request.

      The system should allow approvers to assess the information before allowing or denying the privileged access request. On top of that, the termination of access or the rotation of the privileged account passwords is essential to closing the loop at the end of an access request.

      What the audit trail does

      This is where the audit trail comes in. With each step of this process logged, including denial of requests, these audit trails are invaluable. These are especially important when terminating an employee and determining what they have and haven’t had access to. With this process established and backed by the right software, an organization can effectively manage access for all of the layers within the environment, create a robust IT audit trail (if needed), and terminate access as necessary.
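The request, approval, audit and close-out loop described in the preceding paragraphs, sketched in Python as an added example (not code from the article or from any product it refers to). The `AccessBroker` class, its method names and the sample values are hypothetical, and the hash chain that makes the trail tamper-evident is an addition the article does not mention.

```python
import hashlib
import json
def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AccessBroker:
    """Hypothetical broker: request -> approve -> use -> close, every step logged."""
    def __init__(self):
        self.trail = []     # append-only audit records, each chained to the previous one
        self.pending = {}   # request id -> requesting admin
        self.grants = {}    # request id -> expiry (epoch seconds)

    def _log(self, event, **fields):
        prev = self.trail[-1]["hash"] if self.trail else "0" * 64
        body = {"event": event, "prev": prev, **fields}
        self.trail.append({**body, "hash": _digest(body)})

    def request(self, rid, admin, account, justification, now):
        if not justification.strip():   # denials are logged too
            self._log("denied", rid=rid, admin=admin, reason="no justification", t=now)
            return False
        self.pending[rid] = admin
        self._log("requested", rid=rid, admin=admin, account=account, why=justification, t=now)
        return True

    def approve(self, rid, approver, now, ttl=3600):
        if rid not in self.pending or approver == self.pending[rid]:   # no self-approval
            self._log("denied", rid=rid, approver=approver, reason="bad approver or request", t=now)
            return False
        self.grants[rid] = now + ttl
        self._log("approved", rid=rid, approver=approver, expires=now + ttl, t=now)
        return True

    def has_access(self, rid, now):
        return self.grants.get(rid, 0) > now   # grants lapse on their own

    def close(self, rid, now):
        """Close the loop: drop the grant and record that the password must be rotated."""
        self.grants.pop(rid, None)
        self._log("closed", rid=rid, action="rotate password", t=now)

    def verify_trail(self):
        prev = "0" * 64
        for rec in self.trail:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or rec["hash"] != _digest(body):
                return False   # a record was altered or the chain was broken
            prev = rec["hash"]
        return True
```

Because each record carries the hash of the one before it, editing an earlier entry makes `verify_trail()` return `False`, so the trail can be relied on when reviewing what a departed employee did or did not have access to.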

      UNIX and Linux have many benefits over other operating systems for certain business functions. However, the “super user” or root account creates a security nightmare, allowing users logged on as root to access all data within these systems, even if business requirements dictate that they only need access to a small portion.

      A process should be established to allow an administrator to perform functions as a root user within these environments, but only allow them to conduct a core set of necessary activities. Software can be used to establish, maintain and automate these policies, and delegate access to privileged accounts such as root. This becomes a valuable tool when an administrator needs this privileged account access on a consistent basis by allowing the administrator access without handing out the actual privileged account password or unnecessary privileges.

      Integrating Policy Control

      Establishing this control process should be accompanied by a log of all actions taken by the administrator. Integrating policy control into centralized master hosts or directories helps streamline management, particularly in the sometimes laborious task of removing a terminated user’s data access. With the right software, used to establish the right process, the same tasks discussed above can be extended across thousands of hosts, with minimal labor by one administrator.

      While a strong process-based approach is important for privileged access to an organization, it also benefits the administrators that work in the organization. When a company is unsure about which administrator has accessed a privileged account, they are unsure about where to assign the blame when an issue occurs related to that privileged access.

      In a process-based system with a detailed audit trail, it can quickly be learned who has accessed a privileged account and what operations they performed. Whether the problem was created from malicious intent or a simple error, the situation can be addressed appropriately with the administrator that created the problem. All the other administrators are cleared from the shadow of doubt, as there is positive evidence that their actions were not responsible for the problem. As an auditor once told me, “proof of innocence is a powerful thing.”

      Integration with Active Directory

      Active Directory is an exceptional tool in centralized authentication and account access management. However, Active Directory’s authentication and policies do not natively extend to UNIX/Linux systems. Software can be used to establish a more total control of accounts within an organization by integrating UNIX and Linux hosts into the Active Directory ecosystem. What becomes truly helpful is a process where a user can be given a single password for all environments with the same security settings. This reduces constant access requests and helps to more efficiently manage account information.

      Once integration with Active Directory has been established, IT managers need to make sure it is cohesive with the other processes outlined above. A good system in place will allow user management functions to streamline across multiple platforms, saving time and energy. This helps with both the termination of a user account and the removal of temporary, privileged access from a given user.

      To conclude, the process-based system is an essential step in securing your IT infrastructure from the inside. Trust, while a nice ideal, is simply not practical when looking to safeguard your most sensitive data from the bad eggs out there. With the right software, and a straightforward and minimally-intrusive process, an organization can achieve an airtight set of security processes that does not disrupt workflow or alienate IT administrators.

      Jeff Nielsen is Director of Development at Symark International. Jeff has more than 20 years of IT experience on both the enterprise and vendor side. He has experience in development, technical support, product management, services, operations and business management. Prior to joining Symark, Jeff worked as an independent consultant, managing software implementation and development projects. He has also held management positions at software vendor CA, Inc., as well as IT management positions at Zenith Insurance and Tecolote Research. He can be reached at [email protected].
