Lessons from Snowden: You Must Monitor
June 13, 2013 | Uncategorized | John Worrall
by John Worrall
Since Edward Snowden went public with his story about NSA spying programs, the business community is focusing on IT administrators and their very broad access privileges. And rightly so.
In a prior blog post, I said that this case should be a wake up call to the information security and audit community. Let me put some numbers to that statement.
In 2012, Cyber-Ark interviewed 820 IT managers and C-level professionals across North America and EMEA to conduct its 6th annual Global Trust, Security and Passwords survey. What we discovered was that businesses need to have strong internal security policies for good reason:
- 42 percent of respondents indicated that they or a colleague have used admin passwords to access information that was otherwise confidential; 25 percent of respondents were unsure.
- 52 percent of respondents are able to get around controls put in place to monitor privileged access.
- 45 percent of respondents indicated that they have access to information on a system that was not relevant to their employment role.
Even the most conservative interpretation of these results clearly identifies privileged accounts as a major risk factor.
Cyber-Ark believes these accounts are best treated as a built-in vulnerability throughout an IT infrastructure that needs to be actively managed. This means tightly controlling access and applying the principle of “least-privilege.”
However, the most compelling lesson that businesses can take from the Snowden story is that privileged accounts need to be monitored. Real-time monitoring of privileged accounts not only provides a complete audit trail of exactly who did what, but also provides real-time, actionable intelligence to incident response teams, enabling them to quickly detect and address malicious activity as it happens.
We have to move beyond just “privileged identity management,” which protects and monitors access to privileged credentials. The industry needs a comprehensive and more effective approach that combines credential protection with session monitoring. It’s all about “privileged account security.”