In last week’s blog, we talked about how controls and accountability must be put into place so that only the right folks can access data and the systems on which that data resides, and that employing a least privilege model helps to achieve that and more. We’re using conclusions and data from a recent report from the Ponemon Institute to illustrate.
This week, we talk about how granularity and starting from the inside and working outward can help improve data security.
Balance security and productivity through granularity
Organizations must guard against a loss of productivity from over-indexing on security. Data from the Ponemon report makes the problem abundantly clear: 52% of end users say their access to company data is being restricted, with 25% reporting a very significant, and 30% reporting a significant, impact on their productivity. The report also states that one-third of IT practitioners and 38% of end users would accept more risk to their corporate data if they could maintain productivity.
How do you overcome this challenge? The answer is granularity – or, more precisely, having fine-grained controls over access, applications and data. Broad brushes aren’t enough. Start by eliminating admin rights on all endpoints, and then elevate rights by application and not by user. This closes a risk gap while still allowing essential access. Next, implement password automation over privileged accounts with access to sensitive systems. A workflow-based approach will add accountability without compromising the user experience.
Start with the inside and work your way out
The Ponemon report states that end users and IT practitioners agree that the compromise of insider accounts is likely insiders’ fault, with 59% of IT practitioners and 64% of end users believing the compromise of insider accounts is due to negligent insiders. 74% of IT practitioners believe insiders are to blame for the leakage of company data.
It continues to astound me (and many others) that organizations don’t implement tighter controls over access to internal information. Yes, it can be a productivity drain, but as shown above, when automation, workflow and education intersect you’ll see fewer productivity drains. It’s a partnership between people, process and technology.
Where to start?
Deploying a least privilege model to data access can significantly reduce risk from compromises. When considering where to start, ask yourself these three questions:
1. Can my privileged account management solution deliver both broad and deep privileged account management capability across every scenario?
2. Can my privileged account management solution provide detailed reporting for multiple stakeholders, delivering the visibility and insights needed to mitigate security and compliance concerns and tighten up operational practices?
3. Can my privileged account management solution align with other security solutions, providing a more complete picture of IT risk management in context and helping me make better decisions to reduce overall risk?
If you answered “no” to any of these three questions, we’re happy to help.
Scott Lang, Sr. Director, Product Marketing at BeyondTrust
Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.