IT SECURITY

Without automation, it’s simply not practical to detect the presence of all the privileged accounts on your network – or to control and audit their use. Imagine, for example, when a senior IT staffer resigns his job and moves to a competing casino. While you can monitor his conventional user activity through your existing identity access management systems, you probably lack the tools to know precisely what super-user access the staffer requested to view and copy transaction data or change configuration settings in the days and months before his or her departure.


Taking Control

Fortunately privileged identity management software can automate the discovery, hardening, control and monitoring of all types of privileged accounts. These solutions can be deployed quickly even on the largest corporate networks, continuously securing privileged identities through a four-step process (abbreviated as I.D.E.A.):


• IDENTIFY and document all critical IT assets, their privileged accounts and interdependencies.


• DELEGATE access to credentials so that only authorised personnel, using the least privilege required, with a documented purpose, can log in to IT assets in a timely manner at designated times.


• ENFORCE rules for password complexity, diversity and change frequency, synchronizing changes across all dependencies to prevent service disruptions.


• AUDIT and alert so that the requester, purpose, and duration of each privileged access request is documented and management is made aware of unusual events and requests.


Privileged identity management software can automatically track privileged identities that appear on new and changed hardware and applications as they’re deployed on your network; secure all privileged passwords according to your policies; enable rapid password recovery so that IT staff can perform routine services and emergency repairs whenever necessary; and change each privileged password immediately after use to prevent unaudited access.
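
As an added illustration (not part of the original article and not code from any privileged identity management product), the sketch below audits a constructed log of privileged-credential checkouts against the I.D.E.A. rules above. The inventory, time window, thresholds and record field names are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed policy; every name and threshold here is an assumption of this sketch.
AUTHORISED = {"db01/sa": {"alice", "bob"}, "fw01/root": {"alice"}}  # inventory + delegation
WINDOW = (8, 18)                          # designated access hours (local time)
MAX_DURATION = timedelta(hours=4)         # longer checkouts count as unusual
MAX_ROTATE_DELAY = timedelta(minutes=5)   # "change immediately after use"

CHECKOUTS = [  # constructed sample checkout log
    {"account": "db01/sa", "requester": "alice", "purpose": "CHG-1 index rebuild",
     "out": "2011-03-01T09:00", "in": "2011-03-01T09:40", "rotated": "2011-03-01T09:41"},
    {"account": "db01/sa", "requester": "carol", "purpose": "",
     "out": "2011-03-01T23:10", "in": "2011-03-02T06:30", "rotated": None},
    {"account": "cam07/admin", "requester": "bob", "purpose": "firmware check",
     "out": "2011-03-02T10:00", "in": "2011-03-02T10:20", "rotated": "2011-03-02T12:00"},
]

def audit(record):
    """Return the list of policy findings for one checkout record."""
    findings = []
    out, back = (datetime.fromisoformat(record[k]) for k in ("out", "in"))
    allowed = AUTHORISED.get(record["account"])
    if allowed is None:
        findings.append("IDENTIFY: account not in inventory")
    elif record["requester"] not in allowed:
        findings.append("DELEGATE: requester not authorised")
    if not record["purpose"].strip():
        findings.append("DELEGATE: no documented purpose")
    if not WINDOW[0] <= out.hour < WINDOW[1]:
        findings.append("DELEGATE: outside designated times")
    if back - out > MAX_DURATION:
        findings.append("AUDIT: unusually long access")
    rotated = record["rotated"]
    if rotated is None:
        findings.append("ENFORCE: password not changed after use")
    elif datetime.fromisoformat(rotated) - back > MAX_ROTATE_DELAY:
        findings.append("ENFORCE: password change delayed")
    return findings

def audit_all(records):
    """Map record index to findings, keeping only records that have findings."""
    report = {i: audit(r) for i, r in enumerate(records)}
    return {i: f for i, f in report.items() if f}

if __name__ == "__main__":
    for idx, findings in audit_all(CHECKOUTS).items():
        r = CHECKOUTS[idx]
        print(r["account"], r["requester"], "->", "; ".join(findings))
```
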


Choosing the Right Solution


Your choice of a privileged identity management solution should start with an honest discussion among all process stakeholders including the CSO, CIO, IT administrators, and anyone else involved in the management of sensitive accounts. The key stakeholders should be those that will suffer the most damage should the solution take too long to implement, unnecessarily add to staff workloads, or provide insufficient coverage. Define your project goals and then determine who on the team is best suited to determine whether each vendor’s proposed solution is really a fit.


You’d never choose a doctor based solely on cost, nor would you trust a physician who writes a prescription before taking the time to diagnose your condition, check your medical history, and perhaps run some tests. The same holds true for choosing a privileged identity management vendor. Expect your software vendor to provide:


• A detailed, written analysis of your organisation’s security and business goals;


• Explicit documentation of your needs with respect to systems, applications, and management lines of control;


• A trial evaluation of the proposed solution in a test environment with a realistic mix of your target systems and applications;


• A clear statement of work that details the time and cost required to bring unsecured privileged accounts present in your target systems and applications under control.




News stories of insider data theft offer plenty of motivation to secure the privileged identities on your network. Fortunately with the choice of the right solution you can close this insider security threat quickly and at a reasonable cost.


A senior IT executive at a large casino told us that automating the process through a single, centralised console was like “a whole new world,” eliminating what were once time-consuming, error-prone steps that teams of IT staffers took in an attempt to document and manually change the privileged accounts present on the organisation’s network.


Philip Lieberman, President and CEO

Philip Lieberman, the founder and president of Lieberman Software, has more than 30 years of experience in the software industry. In addition to his proficiency as a software engineer, Mr. Lieberman is an astute entrepreneur able to perceive shortcomings in existing products on the market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions to resolve the security threat of privileged account credentials. Mr. Lieberman has published numerous books and articles on computer science, has taught at UCLA, and has authored many computer science courses for Learning Tree International. He has a B.A. from San Francisco State University.


MARCH 2011 37

