How to Mitigate Insider Threat Without Disrupting Business - Page 2

Process-based systems: what they are, what they do

Based around a few key principles, a process-based system, when executed properly, allows a company to prevent these incidents without disrupting the general flow of business. Allowing privileged access is an essential part of the business process. Most organizations, however, simply hand privileged account passwords to their administrators, trusting that they will use them appropriately, without any consideration for what happens next. Even worse, many organizations have no IT audit system in place to keep track of who has access to these privileged accounts.

To manage privileged accounts, software must be in place to manage temporary or restricted access and to implement a process for obtaining access to those privileged accounts. Software solutions should be used to establish a detailed process, calling for justification from the administrator who is requesting privileged access (potentially requiring approval of that access by another individual in the organization), and creating an audit trail of all the steps in validating this request.

The system should allow approvers to assess the information before allowing or denying the privileged access request. On top of that, the termination of access or the rotation of the privileged account passwords is essential to closing the loop at the end of an access request.

What the audit trail does

This is where the audit trail comes in. With each step of this process logged, including denial of requests, these audit trails are invaluable. They are especially important when terminating an employee and determining what they have and haven't had access to. With this process established and backed by the right software, an organization can effectively manage access for all of the layers within the environment, create a robust IT audit trail (if needed), and terminate access as necessary.
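The request, approval, audit and rotation steps described above can be sketched in a few lines. This is an added illustration, not code from any product the article has in mind; the class, the method names, the in-memory "vault" and the rule that a requester can never approve their own request are all assumptions made for the example.

```python
import secrets
from datetime import datetime, timezone

class PrivilegedAccessBroker:
    """Hypothetical model: request -> approve/deny -> close, logging every step."""

    def __init__(self):
        self.requests = {}   # request id -> request record
        self.audit = []      # append-only list of audit events
        self.vault = {}      # account -> current password (stand-in for a real vault)

    def _log(self, event, req_id, actor, detail=""):
        r = self.requests[req_id]
        self.audit.append({"time": datetime.now(timezone.utc).isoformat(),
                           "event": event, "request": req_id, "actor": actor,
                           "requester": r["requester"], "account": r["account"],
                           "detail": detail})

    def request(self, requester, account, justification):
        if not justification.strip():
            raise ValueError("a justification is required")
        req_id = len(self.requests) + 1
        self.requests[req_id] = {"requester": requester, "account": account,
                                 "state": "pending"}
        self._log("requested", req_id, requester, justification)
        return req_id

    def decide(self, req_id, approver, approve, reason=""):
        r = self.requests[req_id]
        if r["state"] != "pending":
            raise ValueError("request is not pending")
        if approver == r["requester"]:
            # Assumed policy: approval must come from another individual.
            self._log("self_approval_blocked", req_id, approver)
            raise PermissionError("approver must be a different person")
        r["state"] = "approved" if approve else "denied"
        self._log(r["state"], req_id, approver, reason)  # denials are logged too

    def close(self, req_id, actor):
        r = self.requests[req_id]
        if r["state"] != "approved":
            raise ValueError("only approved access can be closed")
        self.vault[r["account"]] = secrets.token_urlsafe(24)  # rotate on close
        r["state"] = "closed"
        self._log("closed_and_rotated", req_id, actor)

    def accounts_granted_to(self, user):
        """Offboarding question: which accounts was this user ever approved for?"""
        return sorted({e["account"] for e in self.audit
                       if e["event"] == "approved" and e["requester"] == user})
```

Because denials and blocked self-approvals land in the same log as grants, the offboarding query reads only from the audit trail and never from anyone's memory of who held which password.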

UNIX and Linux have many benefits over other operating systems for certain business functions. However, the "super user" or root account creates a security nightmare, allowing users logged on as root to access all data within these systems, even if business requirements dictate that they only need access to a small portion.

A process should be established to allow an administrator to perform functions as a root user within these environments, but only allow them to conduct a core set of necessary activities. Software can be used to establish, maintain and automate these policies, and delegate access to privileged accounts such as root. This becomes a valuable tool when an administrator needs privileged account access on a consistent basis, because it grants that access without handing out the actual privileged account password or unnecessary privileges.