
Bad practice by privileged users is putting data at risk

January 5, 2010 News

A Europe-wide study has demonstrated that, despite their trusted position, privileged users are frequently the weakest link in the corporate security chain, due to poor management, inefficient manual processes and lack of awareness. The study’s findings indicate a real risk of privileged user accounts being compromised, mirroring the ongoing case of Gary McKinnon, who gained access to the Pentagon’s IT systems.

While many of the 270 medium and large European organisations surveyed claimed to take steps to protect confidential data including highly personal customer information, 41 percent of supposedly ISO27001 compliant organisations admitted non-compliant practices such as sharing privileged user accounts. The survey, “Privileged User Management―It’s Time to Take Control”, looks at how privileged user management (PUM) is carried out across Europe. The findings are based on interviews with senior IT managers in 14 countries.

Across Europe, 24 percent of organisations rely on forms of manual control for overseeing and controlling the actions of privileged users. Manual control is time-consuming, excessively expensive, unreliable, prone to error and most importantly, un-auditable. In the UK this figure rises to 29 percent. Despite the availability of PUM systems, only 26 percent of European organisations surveyed have actually deployed them in full.

The research reveals that controlling and monitoring the activities of privileged users is not sufficiently high on the agenda of IT managers, despite the huge amount of trust placed in them. Respondents rank PUM below seven other actual security threats to the organisation (scoring 2.54 out of five on an index of threat), below malware (2.9), the Internet (2.7), internal users (2.7), and Web 2.0 tools (2.6).

Budget availability may be a reason for this prevarication (scoring 3.3 out of five on the scale of limiting factors), although 85 percent state that the budget spent on IT security is either stable or increasing as a proportion of overall IT spending. Ultimately, it is likely that another main reason for holding back is an under-appreciation of the risks presented by privileged users.

“This landmark research provides strong evidence that organisations are overlooking a crucial area of IT security―the privileged access they grant to themselves or their colleagues in order to do their jobs,” says Simon Godfrey, director, Security Solutions, CA. “While such access is necessary, it is most commonly managed on an ad hoc basis and, despite claims to pay heed to the requirements of regulators, requirements with regard to privileged users are often overlooked. It is in the best interests of individual IT managers, the IT department, and the overall business to have measures in place to control and monitor privileged users. The deployment of PUM tools enables this and allows organisations to mature their use of PUM over time. Privileged user management is key to compliance, to reducing risk exposure, and to protecting critical business applications.”

To download a copy of the survey report, please visit www.ca.com/gb/mediaresourcecentre
