
Welcome to RSA 2012 - and the world of 2012 cybersecurity defences

October 20, 2017


With the RSA Security Conference now upon us in the US – and with a welter of really interesting announcements coming out of the San Francisco event – I was intrigued to read a guest column from Art Coviello, the executive vice president of EMC, the parent company to RSA Security, on Forbes.

Coviello’s comments - citing the Bob Dylan track, ‘the times, they are a changin'’ - are bang on the money, especially when he recommends that IT security now needs to be a board level discussion.

This coincides with our thoughts here at Avecto, as the involvement of a board level discussion on security will help IT security managers to determine the ‘sweet spot’ where the organization has invested in sufficient security to say it has carried out what any reasonable company would do to defend its digital assets.

And in today's security governance-rich environment, the high cost of reaching that sweet spot can be lowered by adopting a multi-layered approach to IT security, which helps to ensure that the advantages of one type of security can offset the disadvantages - namely the weak spots - of another system.

At the risk of sounding like an accountant, this all comes down to the risk/reward balancing game which Coviello hints at in his column, but with the additional factor of cost entering the equation.

The EMC/RSA chief is, of course, quite correct in his assertion that the security world is changing, but our belief is that it’s not just about balancing risk with security, it's also about balancing the cost of the security against the reward in terms of the level of security assurance that the expenditure will generate for a typical company.

And whilst there is no such thing as absolute IT security in today's multi-vectored threat landscape, it is clear that multiple layers of defense can often produce a better overall return on investment curve than if just one or two layers of security are involved.

Our experience suggests that treating the governance levels of, for example, the PCI Security Standards Council as a starting point in security terms and working upwards - depending on the risk/cost/reward stance your organization is prepared to invest in - is the best way forward.

And when you factor in Coviello's sound advice that you need to continue to evolve your organization's thinking about security - working on the premise that shared knowledge is a powerful advantage - you realize that adding extra layers of defenses - such as a Windows privileged account management system that lowers your security risk profile - can help tremendously in the risk/cost/reward stakes.

The ideal solution is to apply least privilege principles to as many users as possible, with specific members of staff having limited access to admin facilities and, even then, only on the specific applications they need access to on a regular basis.

Our approach with Windows privilege management is to give users only the access and privileges they need to complete the task at hand. In most cases this will be for specific applications, tasks or scripts, and by assigning specific rights to those applications, you no longer need to give them to users. As Windows security expert Russell Smith explains in his book ‘Least Privilege Security for Windows 7, Vista and XP’, taking away user privileges can be similar to taking a toy away from a small child. The bottom line is that user expectations have a real impact on the security of any organization, so empowering users to perform their role without compromising the integrity or security of their systems makes good financial sense.

As Coviello says in his column, as cyber threats escalate, we must invest in building a cybersecurity workforce with the requisite skills to defend enterprises, governments, and critical infrastructures.

And whilst - again, as the EMC/RSA chief observes - these individuals need a 360-degree view of security that combines computer science, risk assessment, analytics, digital forensics, and human behavior, it should also be clear that the addition of multiple layers of security can only enhance the risk/cost/reward ratios.

Even if you’re not a board level professional, that should still make you smile.

For more on Art Coviello's words of wisdom: http://onforb.es/yk5f32

Paul Kenyon,
