Cybersecurity Insurance Checklist - Meet Insurance Requirements with BeyondTrust PAM Download for Free

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Are Your Data Security Efforts Focused in the Right Area?

January 28, 2015

  • Blog
  • Archive

Internet Security

Vormetric Data Security recently released an insider threat report, with research conducted by HarrisPoll and analyzed by Ovum. Based on the survey responses, it is apparent that there is still a great deal of insecurity over data. However, the results also show that there may be misplaced investments to address those insecurities. I will explain this position while reviewing the conclusions from the report, and identify some best practices to avoid becoming the next security breach headline.

First, let’s look at the data. When asked about who posed the biggest internal threat to corporate data, 55% of respondents to the Vormetric study said privileged users. Correspondingly, half of organizations have deployed privileged account management technology.

The survey results also indicated that 56% of respondents would be looking to increase their security spend to deal with insider threats next year. But here’s where things get weird. According to the results of the study, the leading categories where organizations plan to increase security spend during the next 12 months were: Network defenses (52%), Endpoint, Mobile device protection (50%), and so on.

Wait a sec. If we agree that preventing a data breach incident is a top security spending driver (and the report says it is), and we also agree that the biggest threat to corporate data is privileged users (and the report says it is), where in this list was investment in privileged account management? And why do only half of companies deploy privileged account management technology?

I would argue that to address the issue of insider threats to data companies are investing in the wrong areas. Here is a set of five best practices to get you on the road to better privileged account management to better protect access to data.

Secure the last mile without frustrating end users

Your user’s desktop and laptop systems are a significant attack surface, and generally the last mile of security. Start with enforcing least privilege on endpoints. Removing local admin can help to reduce as many as 80% of system vulnerabilities. Look for critical capabilities around risk compliance, session and file integrity monitoring to protect access to data, and elevating privileges by application and not by user so you can better control who can do what with their rights.

Lock down access to tier 1 systems

I would guarantee that you have tier 1 business-critical systems running on UNIX or Linux, and if you are like many companies there are few controls over privileged delegation to those systems. Traditional responses to this problem have been inefficient and incomplete (such as native OS options) or not secure enough (such as sudo). Delegating UNIX, Linux and Mac privileges and authorization without disclosing passwords for root or other accounts is essential, as is recording all privileged sessions for audits, including keystroke information. To go the next step, integrate UNIX, Linux and Mac systems into Active Directory for centralized authentication, single sign-on and Group Policy extensions for centralized configuration management.

Take control of passwords

The problem of shared credentials has significant scale and risks, from embedded or hardcoded passwords, application-to-application and application to database access, and inconsistent rotation. Where privileged password management deployments often fail is in not considering all of these scenarios. Deploying a single, hardened, appliance-based solution with broad platform support and functionality, discovering and profiling to give greater control, monitoring sessions with full playback, and using standard desktop tools for session management are best practices to achieving control and accountability over privileged passwords.

Establish a baseline and audit ongoing user activity

Can you answer the “who, what, when and where” behind changes to critical systems? If you haven’t established a permissions baseline and are not able to centrally audit changes over time, you are missing a critical step in controlling privileged access.

Report on risk

Since a privilege problem tends to involve more than one department in the organization, how well are you able to satisfy the reporting, auditing and management needs of multiple stakeholders from operations to security to compliance? Providing security and IT operations teams a single view of all assets and user activity reduces risks while helping to maximize the value of existing security investments.

Through a more programmatic approach to privileged account management – covering every scenario – providing deep analytics and extending insights out beyond privilege, you will have stronger controls in place to protect your most valuable asset – your data. Invest here first.

Photograph of Scott Lang

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Microsoft Vulnerabilities Report 2021

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.