Whiteboard Video: Privileged Identities - InformationWeek
9/10/2009
11:32 AM
Fritz Nelson

Whiteboard Video: Privileged Identities

Every time I'm around information security people I get scared. Their understanding of the potential for vulnerability is daunting enough, even when they aren't consistently flaunting the dangers. Lieberman Software's president, Phil Lieberman, must have started at least 30 sentences with "But what's really scary . . . " We were just missing the marshmallows and hooting owls, and all we were talking about was managing passwords.

Lieberman was awash in stories, like the one about an IT guy who said he gets paid whether there are breaches or not, and the security team that told him that because they didn't get caught in an audit there was no funding for security technology this year. Or companies that buy technology and never put it in place; they only have it to prove to auditors that they are taking action. Or about the auditors you can find who will guarantee you'll pass your PCI audit for a certain amount of money.

But no matter where you look there are thieves, miscreants and liars, and that was part of Lieberman's point: some of the security problems are technology related, but still too many of them are related to human nature, and human nature sometimes leads us to inaction, to taking risks, to saving money, to saving time.

In the video above, Lieberman outlines some specific problems in this regard, primarily in the area of privileged accounts and privileged identities. In the former, he says we create all-too-frequent, unfettered access to critical hosts (like the CEO's PC) under the assumption that just because someone on the help desk is on the help desk, he or she can have that unfettered and timeless access (including, potentially, after they've left the company). In the latter, there's a scale issue: hundreds or thousands of servers, applications and other hosts, each with their own password requirements and managed under a single domain. For both problems, it's easiest to just have a simple set of passwords that rarely change.

Naturally Lieberman (among a host of players) makes technology that can automate and manage all of this, but the more important aspect of all of this is that the answer lies not in the technology, but in whether companies see this as an important enough issue; whether they see the risk as great enough to invest the time and the money to implement complex solutions.
