Research reveals security risks of mismanaged user access

14 Dec 2011

A lack of control and oversight of privileged users, including database administrators, network engineers and IT security practitioners, are creating increased threats to sensitive and confidential workplace data, new global research suggests.

Many respondents in the The Insecurity of Privileged Users study, conducted by the Ponemon Institute, claimed to have well-defined policies for individuals with privileged access rights to specific IT systems. However, almost 40pc were unsure about enterprise-wide visibility into specific rights, or whether those with privileged access rights met compliance policies.

Other key findings in The Insecurity of Privileged Users study include:

  • Top barriers to enforcing privileged user access rights are the inability to keep pace with change requests, inconsistent approval processes, high costs of monitoring and difficulty in validating access changes.
  • Areas for improvement include monitoring privileged users’ access when entering root-level administrative activity, identifying policy violations and enforcing policies across an entire organisation.
  • Nearly 80pc of respondents reported that deploying a security information and event management (SIEM) solution was critical to governing, managing and controlling privileged user access rights.

The study found 52pc of respondents indicated that they are at least likely to be provided with access to restricted, confidential information beyond the requirements of their position, and that 60pc of respondents reported that privileged users access sensitive or confidential data out of curiosity, not job function.

At highest risk is customer information and general business data. The most-threatened applications included mobile, social media and business-unit specific applications.

Data security risk management

Organisations attempt to maintain control over the issue in different ways.

Twenty-seven per cent of respondents said their organisations use technology-based identity and access controls to detect the sharing of system administration access rights or root-level access rights by privileged users, and 24pc said they combine technology with process.

However, 15pc admitted access is not really controlled and 11pc said they are unable to detect sharing of access rights.

“This study spotlights risks that organisations don’t view with the same tenacity as critical patches, perimeter defence and other security issues, yet it represents a major access point to sensitive information,” said Tom Reilly, vice-president and general manager, Enterprise Security Products, HP.

“The results clearly emphasise the need for better access policy management, as well as advanced security intelligence solutions, such as identity and privileged user context, to improve core security monitoring.”

The global survey focused on more than 5,000 IT operations and security managers across Australia, Brazil, France, Germany, Hong Kong, India, Italy, Japan, Korea, Singapore, Spain, United Kingdom and United States.

“The intent of the study is to provide a better understanding of the state of access governance in global organisations and the likelihood privileged users will abuse or misuse IT resources,” said Dr Larry Ponemon, chairman and founder, Ponemon Institute.

“The findings demonstrate key areas of concern, and clearly identify budget, identity and access management technologies, and network intelligence technologies as the three most critical success factors for governing, managing and controlling privileged user access across the enterprise.”