Lessons from Snowden: You Must Monitor

June 13, 2013 John Worrall

Since Edward Snowden went public with his story about NSA spying programs, the business community has been focusing on IT administrators and their very broad access privileges. And rightly so.

In a prior blog post, I said that this case should be a wake-up call to the information security and audit community. Let me put some numbers to that statement.

In 2012, Cyber-Ark interviewed 820 IT managers and C-level professionals across North America and EMEA to conduct its 6th annual Global Trust, Security and Passwords survey. What we discovered was that businesses need to have strong internal security policies for good reason:

  • 42 percent of respondents indicated that they or a colleague have used admin passwords to access information that was otherwise confidential; 25 percent of respondents were unsure.
  • 52 percent of respondents are able to get around controls put in place to monitor privileged access.
  • 45 percent of respondents indicated that they have access to information on a system that was not relevant to their employment role.

Even the most conservative interpretation of these results clearly identifies privileged accounts as a major risk factor.

Cyber-Ark believes these accounts are best treated as a built-in vulnerability throughout an IT infrastructure that needs to be actively managed. This means tightly controlling access and applying the principle of “least privilege.”

However, the most compelling lesson that businesses can take from the Snowden story is that privileged accounts need to be monitored. Real-time monitoring of privileged accounts not only provides a complete audit trail of exactly who did what, but also provides real-time, actionable intelligence to incident response teams, enabling them to quickly detect and address malicious activity as it happens.

We have to move beyond just “privileged identity management,” which protects and monitors access to privileged credentials. The industry needs a comprehensive and more effective approach that combines credential protection with session monitoring. It’s all about “privileged account security.”
