Excessive Admins and Privileged Security – Part I
May 24, 2013 | Uncategorized | John Worrall
Roger Grimes of InfoWorld proved once again that he’s one IT security influencer who truly understands the privileged account problem that organizations face. His recent column, “Too many admins spoil your security,” was a microcosm of why poor privileged and admin account security is the number one security problem organizations currently face.
Roger, who currently works for Microsoft as a Principal Security Architect, shared the story of a client that “literally had thousands of application administrators. They have thousands of applications, many of which have hundreds of administrators; in fact, for some of those applications, every user was an administrator.”
As Roger points out, having thousands of application administrators is a nightmare scenario waiting to happen. If you read this blog, then you know that these accounts are the most powerful in any organization and give wide-ranging access to almost any system on a network. This is why privileged accounts have emerged as the priority target of cyber-attackers.
Why is this a problem? As Roger states, “Every additional administrator causes linear-to-exponential growth in risk. Every additional admin doesn’t just increase his or her own risk; if they’re compromised, they add to the takedown risk of all the others. Each admin may belong to groups others do not. If a hacker compromises A and gets to B, B may more easily lead to C, and so on.”
This is exactly why we’ve been preaching that businesses need to focus on securing internal assets – and the pathways to those assets – before spending more time (and resources) on building bigger walls around the perimeter. We’ve seen time and again that motivated attackers will find a way through perimeter defenses, whether it’s through phishing, infected websites, etc.