I read recently that "privileged user" abuse and malicious behavior is a growing concern within the enterprise, according to a Ponemon survey. What is a privileged user specifically, and how can my company mitigate the inside threat they might pose?
The old saying "absolute power corrupts absolutely" applies as much today as when it was written in 1887. Privileged users have become the glue that holds together our interconnected modern society and are just as necessary as the systems they manage. They maintain user accounts, apply software updates, perform backups and replace failed components. These types of tasks require users to have the highest level of access, which grants them absolute power over the systems and data they oversee. Even good employees will struggle with the temptation to access this data. Employees with malicious intent can cause serious monetary and organizational harm if their actions go undetected.
There are several different techniques that organizations can employ to reduce the threat from this ultimate insider. The most important is to remove absolute power from any one individual. Democratic governments are structured so that checks and balances prevent abuse of power; the duties of privileged users can be divided in the same way. For example, an administrator who adds user accounts is audited by another administrator who monitors access logs. The procedure to modify firewall rules can require two administrators to verify the changes are appropriate.
Organizations are inadvertently handing control of technology assets to only a few individuals. This high level of access provides a potentially irresistible opportunity for abuse if it is not governed with controls like separation of duties. Technical controls must be in place to enforce this separation, such as smart cards for strong authentication, separate administrative accounts and logging systems to verify appropriate use. Implementing separation of duties for privileged users is not that different from how it is employed in other areas of the organization, such as finance. If absolute power corrupts absolutely, it is time to remove the absolute power from privileged users.
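The two checks described above, a second administrator auditing account creation and two administrators verifying firewall changes, can be enforced against a change log along these lines. This is an added example, not part of the original answer; the record fields, action names, the `adm-` account prefix and the required-verifier counts are all assumptions.

```python
from dataclasses import dataclass

ADMIN_PREFIX = "adm-"  # assumed naming convention for separate administrative accounts

# Assumed policy: independent verifiers required per privileged action.
REQUIRED_VERIFIERS = {
    "firewall_rule_modify": 2,  # two administrators verify the change
    "user_account_add": 1,      # audited by another administrator
}

@dataclass(frozen=True)
class Change:
    change_id: str
    action: str
    actor: str              # account that made the change
    verifiers: tuple = ()   # accounts that signed off on it

def person(account):
    """Collapse 'adm-alice' and 'alice' to one identity so nobody verifies their own work."""
    name = account.strip().lower()
    return name[len(ADMIN_PREFIX):] if name.startswith(ADMIN_PREFIX) else name

def violations(changes):
    """Return (change_id, reason) for each change that breaks separation of duties."""
    findings = []
    for c in changes:
        needed = REQUIRED_VERIFIERS.get(c.action)
        if needed is None:
            # Fail closed: an unlisted privileged action is itself a finding.
            findings.append((c.change_id, "privileged action with no policy entry"))
            continue
        maker = person(c.actor)
        people = {person(v) for v in c.verifiers}  # duplicates count once
        if maker in people:
            findings.append((c.change_id, "actor verified own change"))
        independent = people - {maker}
        if len(independent) < needed:
            findings.append((c.change_id, f"{len(independent)} of {needed} independent verifiers"))
    return findings

# Constructed sample records, not taken from any real system.
SAMPLE = [
    Change("C1", "firewall_rule_modify", "adm-alice", ("adm-bob", "adm-carol")),
    Change("C2", "firewall_rule_modify", "adm-alice", ("adm-bob", "alice")),
    Change("C3", "user_account_add", "adm-bob", ()),
    Change("C4", "user_account_add", "adm-carol", ("adm-alice", "adm-alice")),
    Change("C5", "backup_restore", "adm-bob", ("adm-carol",)),
]
```

The check only has value if the change records are written to a logging system that the administrators being reviewed cannot modify.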