This week I was fortunate enough to be able to attend the IT Security Guru’s annual Analyst and CISO Forum here in London. A gathering of the great and the good from the analyst community and some cutting edge vendors were part of what proved to be a fascinating roundtable with 10 of the UKs top CISOs.
There was almost universal consternation when it came to the subject of privileged access. The panel all recognised that the target of every malicious outsider is to become a privileged insider and that without those privileged accounts being used by so many people it would be possible to greatly reduce their risk from attacks. In fact one CISO had tasked a “Red Team” with testing external and internal defences and had discovered that, “Very often the most basic effort to secure privileged accounts would be enough to stop them”. But that proves difficult in the real world, where, as one CISO said, “Every user is a privileged user”.
Access by database administrators and developers is also an area of real concern as these roles very often have rights to some of the most precious and sensitive data that businesses have. Another CISO described a situation where developers were, “Routinely duplicating production databases to work with”.
Better management and control of privileged users will only come from having centralised management and visibility of how access is being used. And this will also make it much easier to audit that activity in the event of a problem.
It’s clear then that privileged access is very much at the centre of the radars of those responsible for ensuring information security and they’re seeking better ways to enable their end-users, while staying compliant.