Beyond the politics of Snowden and the implications for privacy, the affair has been a huge wake-up call for CIOs.
The actions of this individual accessing and taking data from inside an organisation while only operating with what was defined as “low-level” access must make businesses reconsider how access to systems is controlled and monitored.
Information Security had become a little obsessed with building perimeters, monitoring and blocking network traffic externally and generally taking the view that everyone was outside the castle walls trying to get in. It had the mind-set of the besieged: stiffen the defences by recruiting more personnel and so ward off the attackers. As always, we should’ve learned lessons from the past. Two of the greatest sieges in history, the eight-year Siege of Solovetsky Monastery and the Antioch siege of 1097, both ended with insiders betraying their own side. The Solovetsky Monastery fell when a monk showed the attackers a window through which they could enter, whilst the Antioch siege ended when a soldier who had command of a gate opened it. But it is the Snowden affair that has driven insiders to the top of the current IT security agenda.
So today we take the existence of the insider threat seriously, but how many organisations are really working to take practical steps to manage and monitor user activity inside? For many, implementing technology to control access or monitor user activity may seem impossibly complicated and expensive. Analyst firm Gartner identified that many Identity and Access Management projects attempt to do too much, too soon instead of targeting the areas that are easiest to fix and present the greatest risk. Privileged accounts present perhaps the biggest threat to any organisation, so start there. Remove the need for admins and developers to know and potentially share these credentials, and automate ways to keep them changing regularly.
The danger posed by privileged accounts isn’t just from users on the inside, though. Almost every exploit, hacker or targeted piece of malware will be looking for elevated privileges to get access to precious servers and data once they’re on the inside.
In my presentation at InfoSecurity Europe, I’ll explain the factors that conspired to allow Snowden to get hold of the data he did, and challenge the notion that privileged user management is complex. If you’re trying to devise a plan of attack to control, manage and monitor session activity, this talk will give you a starting point to address your biggest area of risk.
Not registered for Infosecurity Europe 2015 yet?