How to manage the risk of your high-risk users

IT Best Practices Alert By Linda Musthaler and Brian Musthaler, Network World
June 12, 2009 12:08 AM ET

Every network has high-risk users. Typically, these users have broad access to the IT infrastructure and a high degree of technical knowledge. They might be internal or outsourced IT personnel, contractors, vendors or remote application developers. They know a lot about the IT systems and how they operate and might even possess "the keys to the kingdom" because they administer servers, networks, applications or databases. In fact, I might have just described … you.

Securing a network from the potential damage that can be done by high-risk users has been problematic. Even if such users have no intention of doing harm, there is still the need to monitor and report what they are doing in order to comply with regulations such as the Payment Card Industry (PCI) standards, the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act. There are plenty of point solutions that control what users can do or what applications they can access. While the point solutions are helpful, they have limited visibility into what's happening in real time and tend to leave gaps in coverage.

Some companies address the need by fashioning their own solution. Richard Stiennon, chief research analyst at IT-Harvest, gives the example of a large managed security service provider (MSSP) whose security operations center (SOC) people had access to customer firewalls and routers. Not wanting to expose the login credentials for critical network gear to too many people, the MSSP set up a proxy server. Each SOC engineer would log into the proxy server, which held the credentials and would log the engineer into the appropriate customer's devices. The proxy server would record all keystrokes to ensure an audit trail of what the engineers were doing. While the audit trail was a nice tool, it wasn't sufficient to prevent an engineer from taking some action that he shouldn't.

The founders of Xceedium took note of these coverage gaps and designed an all-in-one solution that provides control and audit for high-risk users. The Xceedium GateKeeper is a hardened appliance that allows companies to remotely manage, from a central point, the activities of high-risk users anywhere in a heterogeneous IT infrastructure. IT personnel can securely access critical IT resources – from inside or outside the organization – without leaving a footprint. This lets them perform their assigned jobs without having the ability to "stray" and do more than they should. Auditors can monitor all user events and view centralized reports for accountability and testing of controls.

In essence, GateKeeper is the digital equivalent of an electronic ankle bracelet. It fits into security best practices by taking care of the last loose end: the uberuser.

Stiennon awarded Xceedium his "RSA Best in Show" award in April, calling GateKeeper a "must-have technology." Stiennon likes the GateKeeper appliance because it productizes all the features and functions needed to monitor and remediate the actions taken by high-risk users. He says enterprises "would deploy Xceedium to quickly get privileged access under control."

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
