Increased threats to
sensitive and confidential workplace data are being created by a lack of
control and oversight of privileged users, including database administrators,
network engineers and IT security practitioners, according to a new report,
entitled “The Insecurity of Privileged Users.”
The study, sponsored by Hewlett-Packard
and conducted by the Ponemon Institute, revealed that 52 percent of
respondents are at least likely to be provided with access to restricted,
confidential information beyond the requirements of their position.
More than 60 percent of the respondents
reported that privileged users access sensitive or confidential data out of
curiosity, not job function, with customer information and general business
data at the highest risk. The most threatened applications included mobile,
social media and business unit specific applications. The global survey focused
on more than 5,000 IT operations and security managers across Australia,
Brazil, Europe, Asia and the United Kingdom and the United States. Many
respondents claimed to have well-defined policies for individuals with
privileged access rights to specific IT systems.
However, almost 40 percent
were unsure about enterprise-wide visibility into specific rights, or whether
those with privileged access rights met compliance policies. Twenty-seven
percent said their organizations use technology-based identity and access
controls to detect the sharing of system administration access rights or
root-level access rights by privileged users, and 24 percent said they combine
technology with process. However, 15 percent admitted access is not really
controlled and 11 percent said they are unable to detect sharing of access
rights.
“This study spotlights risks
that organizations don’t view with the same tenacity as critical patches,
perimeter defense and other security issues, yet it represents a major access
point to sensitive information,” said Tom Reilly, HP’s vice president and
general manager of enterprise security products. “The results clearly emphasize
the need for better access policy management, as well as advanced security
intelligence solutions, such as identity and privileged-user context, to
improve core security monitoring.”
Top barriers to enforcing
privileged-user access rights are the inability to keep pace with change
requests, inconsistent approval processes, high costs of monitoring and
difficulty in validating access changes, the report found, while areas for
improvement included monitoring privileged users’ access when entering
root-level administrative activity, identifying policy violations and enforcing
policies across an entire organization.
The potential for privileged
access abuse varies from country to country based on responses, with France,
Hong Kong and Italy having the greatest potential, and Germany, Japan and
Singapore having the least. Nearly 80 percent of respondents reported that
deploying a security information and event management (SIEM) solution was
critical to governing, managing and controlling privileged-user access rights.
“The intent of the study is
to provide a better understanding of the state of access governance in global
organizations and the likelihood privileged users will abuse or misuse IT
resources,” said Larry Ponemon, the Ponemon Institute’s chairman and founder.
“The findings demonstrate key areas of concern, and clearly identify budget,
identity and access-management technologies, and network-intelligence technologies
as the three most critical success factors for governing, managing and
controlling privileged-user access across the enterprise."
