The compliance landscape for government agencies changes with almost every administration. There are always new requirements – and penalties – that agencies have to be able to anticipate, implement, and report on. At the same time, government information networks – like their counterparts in public and private enterprises – are constantly vulnerable to both internal and external threats. Each of these types of threats has its own characteristics.
- Internal threats may be malicious (designed to cause harm) or unintentional (the result of human error), exposing weaknesses in the agency’s defenses and policies. Regardless of intent, insiders can do significant damage quickly, as they are already inside perimeter-layer security.
- External threats are designed to exploit vulnerabilities in networks and endpoints; they often seek to gain a foothold from which the attacker can act as an insider. Once an attacker gains administrative access, it is easy to make configuration changes that enable the installation of malicious software and to alter security controls for unfettered access to sensitive information.
The collateral damage of such attacks is extensive, ranging from “simple” non-compliance consequences to national security threats. Intellectual property, defense information, personnel records, and other classified information can easily be stolen, sold, and used against the interests of the U.S. government, its citizens, and its allies. The key is to enforce strict limits on what a given network user is able to do in terms of accessing and utilizing network resources, and to monitor usage to quickly identify improper activity.
The most effective approach to take with end users in the current environment involves restricting access privileges through both policy and technology methods – allowing the least possible privilege for every user. This is the domain of BeyondTrust’s PowerBroker privileged account management (PAM) solutions.
What does “privilege” have to do with it?
The least-privilege approach has gained a lot of credibility recently thanks to one notorious name: Edward Snowden. In the aftermath of Snowden leaking classified information he had access privileges to, the NSA announced it would reduce system administrator privileges by 90%. Indeed, “Insider and privilege misuse” was identified by the 2014 Verizon Data Breach Investigations Report as one of the nine basic patterns of activity in the past decade that have resulted in confirmed data breaches.