Like many folks in my position, I spend a lot of time on the road. Things I never thought I would care much about suddenly became part of my #LifeGoals, like hearing “Welcome to Diamond Status Mr. Silva”. Keys, whether physical or virtual, are used for everything. They provide access to our homes, our data, kingdoms, and our cars (but more on that last part in a bit).
I recently attended Microsoft Ignite 2017. Throughout the plethora of sessions, 1-on-1 conversations, and other vendors’ presentations, one topic stood out—privileges. It would seem very odd if someone broke into a bank and stole a stapler. The access the would-be thieves want is to the vault or boxes. Digital thieves are no different. Do you think they want pictures of our kid’s soccer game? They’re after something much more profitable. And to get it, they want a more critical key, or rather, the master key.
This is why it is crucial that all of us do our part to protect and keep track of our keys. As IT and Security professionals, we need to understand not only the information our companies have, but also how our users utilize it, the ways attackers will try to take it, and of course how best to stop that from happening. It all comes back to privileges.
If a user doesn’t need access to sensitive data or servers, why do they continuously have it? If we keep telling our users not to write down or share passwords, why does it keep happening? And if a user does require the ability to run a couple of applications that happen to require elevated rights, why do we make their logon accounts full admin? The answer is simple: it’s the reality of life. It seems too complicated to maintain a workflow that only provides access to certain servers based on ‘WhoAmI’, or to remember the endless stream of passwords in our lives that have to be changed over and over again. The same goes for the idea that, with the thousands upon thousands of applications we come across, we should somehow know exactly what’s needed to make these few applications work and give just those rights to just the right people.
Much like the liver in our biological lives, we need something in our computer lives that helps filter the bad and digest the good. That is exactly what my team and I help organizations just like yours do every day. We help answer the how, what, and why of security. What should we be doing? Is there a balance between what is natively offered in an OS and the products that we at BeyondTrust offer? Why is doing “this before that” more important? Answering these helps you protect those keys and, with them, your bottom line and reputation.
But back to the cars comment earlier and a very valuable lesson I learned about giving out too many keys. In case she’s reading this: my wife is amazing—truly, my counterpart. She was spending the night away to attend some meetings and visit our son at school. It’s a six-hour ride on an easy day. Running through her exit routine, she listed out her car keys. Being the helpful husband that I am, I handed her said keys and went about my day happy with the knowledge of how great a guy I was.
About two hours later I got what can only be referred to as ‘The Great Text of 2017’. To keep things professional, I will only allude to what it read—the keys I gave her were mine, and as it turns out, she had hers as well. In other words, she would now have to drive back two hours to return a set of keys she did not need, only to turn right back around and start her commute again.
I’m not afraid to admit, I would have rather crawled down a sewer and taken on a balloon-wielding clown than face the consequence of adding 4 hours to my wife’s commute. In the end, I’m still happily married (she is amazing, after all). As humorous as the story may be, to me at least, it points out not only the importance of keys, but how easy and dangerous it is to give out the wrong ones at the wrong time.