Senior Editor Denise Dubie guides you through the latest developments in management tools and services.
Sensational stories of disgruntled IT workers wreaking havoc on company systems could drive security managers to upgrade their identity and access management policies, but compliance and ease-of-management are also drawing enterprise IT groups to consider privileged user management technologies.
Enterprise IT security and systems administrators today deal with ever-changing, complex environments that fall under intense scrutiny from auditors seeking to prove regulatory compliance. Such demands drive up the need for fine-grained access controls and sensitive user management, industry watchers say.
“As organizations grow in size and complexity, the number of administrators accessing sensitive systems or data grows as well. Spreadsheets, sealed envelopes, printouts, sticky notes, and other old-fashioned ways of managing access and passwords on sensitive systems don't scale, don't provide sufficient levels of security, and don't provide enough auditing details that today's auditors require,” reads a Forrester Research report.
And as complexity grows, so does the potential for insider threat, says Andras Cser, a senior analyst with Forrester. He says nearly 50% of breaches occur inside companies’ firewalls, both intentionally and accidentally, most likely because IT groups working with outdated technologies are unable to set policies that ensure separation of duties.
Companies such as BeyondTrust, e-DMZ, Cloakware, Lieberman Software and Cyber-Ark today work to advance access control tools to enable security teams to safeguard their networks from internal threats. Such tools create and monitor passwords, eliminating the practice of multiple administrators logging on with the same user ID and password.
“There are cases in which developers have access to systems that violates compliance and security best practices, but it is difficult to track because environments get so complex,” Cser says. “And compliance requires now that companies show who has access to what, when and why. That all has to be documented for auditors.”
The products keep passwords in a vault of sorts and monitor access from multiple parties. The technology can automate password changes to keep systems more secure, and it can track the workflow of changes: which changes were made, and by whom in the IT group. Many of the tools also provide software development kits or adapters to applications and systems to help IT encompass as many password-safe systems in the management approach as possible.
Denise Dubie is senior editor with Network World.