Global 1000 CISOs Share Experience with Improving Privileged Access Controls
November 19, 2015 | Security and Risk | John Worrall
Data breaches have become a fixture in today’s headlines. Time and time again, security researchers pinpoint a common denominator in the attack chain: the exploitation of privileged accounts. There is a growing realization that preventing the theft of highly privileged credentials could short-circuit the majority of today’s sophisticated cyber attacks. This has prompted many organizations to rethink existing privileged access controls and prioritize the implementation of comprehensive privileged account security programs.
Protecting privileged credentials is one of the most pressing challenges CISOs face today. Consider this perspective: “If you don’t have good practices in privileged account management, you’re making it very easy for adversaries to traverse your whole network. If they get a hold of an over-privileged account, they’ll run through the environment like a brushfire,” says Jim Connelly, Vice President & Chief Information Security Officer, Lockheed Martin.
To help organizations accelerate their strategies to improve privileged access controls, CyberArk sponsored the CISO View Industry initiative. As part of this initiative, industry analyst firm Robinson Insight conducted research via in-depth interviews with some of the world’s leading security executives at Global 1000 organizations across major industries. The CISO panel included representation from: ING Bank, CIBC, Lockheed Martin, Starbucks, ANZ, CSX Corporation, Monsanto Company, Manulife, Rockwell Automation, News UK, Carlson Wagonlit Travel and McKesson.
Available today, the report, entitled The Balancing Act: The CISO View on Improving Privileged Access Controls, explores considerations for successfully implementing enterprise-wide privileged account security programs. The panelists’ first-hand perspectives provide valuable insights and sage advice based upon a wide range of experience implementing critical, widespread changes.
The recommendations consider the right balance between enabling and restricting high levels of access to information assets. Whether planning or implementing a program, security leaders and practitioners will find useful guidance.
For example, key considerations early in the planning process include, “What should you do, and when?” The first chapter offers peer-to-peer guidance from the expert panel on making these core decisions, along with perspective on the best approach for identifying and prioritizing accounts. As Dave Estlick, Information Security Chief at Starbucks, explains, “You need to figure out, ‘Where’s the area that I’m going to be able to demonstrate business value?’ not just the uplift in security but operational efficiencies.”
Sharing information on good security practices is more important than ever as organizations face increasingly sophisticated cyber threats. At CyberArk, we believe if security teams are armed with the leading wisdom of the CISO community, it will help strengthen security strategies and lead to better-protected organizations. As a provider of privileged account security solutions, we recognize that protecting privileged access is more than a security challenge – it also spans people, process and technology. It requires engagement and ongoing collaboration with the CISO community to solve.
We’ll continue to highlight and explore some of the issues addressed by the CISO panel in future blog posts; however, you can download and read the full report now: https://www.cyberark.com/cisoview/.