Whiteboard Video: Privileged Identities - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure // PC & Servers
Commentary
9/10/2009
11:32 AM
Fritz Nelson
Fritz Nelson
Commentary
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Whiteboard Video: Privileged Identities

Every time I'm around information security people I get scared. Their understanding of the potential for vulnerability is daunting enough, even when they aren't consistently flaunting the dangers. Lieberman Software's president, Phil Lieberman, must have started at least 30 sentences with "But what's really scary . . . " We were just missing the marshmallows and hooting owls, and all we were talking about was managing passwords.

Every time I'm around information security people I get scared. Their understanding of the potential for vulnerability is daunting enough, even when they aren't consistently flaunting the dangers. Lieberman Software's president, Phil Lieberman, must have started at least 30 sentences with "But what's really scary . . . " We were just missing the marshmallows and hooting owls, and all we were talking about was managing passwords.Lieberman was awash in stories, like the one about an IT guy who said he gets paid whether there are breaches or not, and the security team that told him that because they didn't get caught in an audit there was no funding for security technology this year. Or companies that buy technology and never put it in place; they only have it to prove to auditors that they are taking action. Or about the auditors you can find who will guarantee you'll pass your PCI audit for a certain amount of money.

But no matter where you look there are thieves, miscreants and liars, and that was part of Lieberman's point: some of the security problems are technology related, but still too many of them are related to human nature, and human nature sometimes leads us to inaction, to taking risks, to saving money, to saving time.

;

In the video above, Lieberman outlines some specific problems in this regard, primarily in the area of privileged accounts and privileged identities. In the former, he says we create all-too frequent, unfettered access to critical hosts (like the CEOs PC) under the assumption that just because someone on the help desk is on the help desk, he or she can have that unfettered and timeless access (including, potentially, after they've left the company). In the latter, there's a scale issue: hundreds or thousands of servers, applications and other hosts, each with their own password requirements and managed under a single domain. For both problems, it's easiest to just have a simple set of passwords that rarely change.

Naturally Lieberman (among a host of players) makes technology that can automate and manage all of this, but the more important aspect of all of this is that the answer lies not in the technology, but in whether companies see this as an important enough issue; whether they see the risk as great enough to invest the time and the money to implement complex solutions.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
IT Careers: 10 Industries with Job Openings Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/27/2020
Commentary
How 5G Rollout May Benefit Businesses More than Consumers
Joao-Pierre S. Ruth, Senior Writer,  5/21/2020
News
IT Leadership in Education: Getting Online School Right
Jessica Davis, Senior Editor, Enterprise Apps,  5/20/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Slideshows
Flash Poll