Watching the watchers
While there's no single fix, a number of experts weigh-in on how to make certain those with privileged access don't abuse it.
December 22, 2011 — CSO —
While most attention today is placed on containing complex malware and outside hacking threats, enterprises could significantly improve their risk posture by taking a look at how well they manage the access they give privileged insiders, such as network and database administrators and other IT professionals. What most organizations find is that they don't have a firm enough grip on the access these users have.
To keep sensitive information safe and to maintain regulatory compliance, it's crucial that privileged insider access be properly managed.
"If data is highly sensitive, then monitoring should occur for those with [privileged] access," says Mark Lobel, a principal in the advisory services division of PwC.
However, in many organizations, who should be ultimately responsible with actually performing that privileged account monitoring is a tough call. In most organizations, many experts agree, the monitoring and auditing have to remain outside the IT department. "This is another reason why we are seeing more and more CISOs reporting outside of IT. It allows them to focus on policy, governance and compliance while being independent from the system administrators," says Lobel.
Experts maintain that the secret to successfully managing privileged user access is, like many things, also part process and part technology. "This is why we invented separation of duties and auditing. IT needs to be monitored by some combination of audit with tools provided by IT security. The important thing to remember is that IT security isn't supposed to be playing audit any more then they are supposed to be playing HR. Their role is to enable audit to do their jobs better just like any other business unit," says David Mortman, an analyst at the IT security research firm Securosis.
To help enforce proper privileged user access, more enterprises are turning to a segment of the identity management market known as "privileged user management," "privileged identity management," "privileged access management," or SuperUser Privilege Management tools. "SuperUser Privilege Management tools essentially allow a single trusted root administrator account to be created and then that account delegates out limited administrative privileges," explains John Pescatore, an analyst with the research firm Gartner. "This way you only have to trust one person fully and the rest of the admins can have limited access and be fully audited."
That privileged identity management market is expected to increase in coming years. Infiniti Research Analysts forecast the Global Privileged Identity Management market will grow at compound annual growth rate of 24.1 percent through 2014.