by John Worrall
In a recent blog post, we examined an article by Roger Grimes of InfoWorld, in which he wrote that “Too many admins spoil your security.” We agree with his take – and have been preaching the same thing on this blog as well. Motivated hackers will find a way into your network – that’s why security has to start by protecting the critical assets on the inside.
Looking at his article more closely, it’s also worth noting that the same concern about the proliferation of application administrators applies to the applications themselves. Thousands of application admins means there must be thousands of applications being administered too – and these applications, and the devices on which they run, typically have admin accounts protected by default passwords that are rarely changed. This type of poor security has led to some of the most devastating breaches of the past 3 years and gives attackers an easy way to jump from system to system once they’re inside your perimeter.
As Roger’s column rightly points out, security starts by enforcing least privilege across the enterprise, including for application administrators. Accompanying this approach should be a concerted effort to identify every admin and privileged account across the organization, so that each one can be monitored and controlled. This is no easy feat – our recent survey highlighted the problems companies have just staying aware of how many privileged accounts they have. But as Roger says, “It’s never too late for old security guys to learn new risk tricks.”