New Readers

 Home News and World Report Buyers Guide Global Excellence Technology Case Studies Editorial Awards About Info Security
Biggest threat in the coming year for enterprises adopting cloud infrastructure

With more than 25 years of global success, BeyondTrust is the global leader in securing the perimeter within to mitigate internal threat and the misuse of privileges. BeyondTrust offers consistent policy-driven, role-based access control, monitoring, logging, and reporting to protect internal assets from the inside out. The company’s products empower IT governance to strengthen security, improve productivity, drive compliance, and reduce expense across physical, virtual, public, private, and hybrid cloud environments.

In the following interview, Brian Anderson, Chief Marketing Officer of BeyondTrust, discusses 1:1 with Info Security PG, Editor-in-Chief of Info Security Products Guide, the biggest threat in the coming year for enterprises adopting cloud infrastructure.

Info Security PG: Over the years, have any fundamental changes contributed to an increase in internal security threats or were internal threats never taken too seriously, until now, by most enterprises? What are the biggest misconceptions around insider threats?

Brian Anderson: I think the most fundamental change has been that in adding complexity to the IT security model. We have opened up a lot more holes in which insiders can ultimately make intentional, accidental or indirect mistakes that cause harm to organizations. Also, the internet has made how to hack and/or misuse IT current privilege common place. Anyone can get educated on how to wreak havoc after just spending a few minutes on YouTube.

One of the biggest misconceptions around insider threats perhaps is the belief that an organization’s IT environment can rely solely on the idea of employee trust. Trust is a great thing, but not plausible whatsoever when talking about the security of mission-critical assets. It’s amazing how many times trust is the reason given when asked why certain users have advanced administrative rights. The fact is that even trustworthy and well-seasoned employees can have their credentials hijacked or make mistakes. In order to be completely compliant, users must only have access to the information they absolutely need to perform their jobs. The bottom line is that least privilege saves money, keeps information secure, and allows your corporation to remain compliant.

Info Security PG: Which size or type of enterprise is most vulnerable to internal security threats? What steps can organizations take to eliminate insider threats, considering that multiple devices and multiple locations are now becoming an integral part of their operations?

Brian Anderson: Simply put, size doesn’t matter when it comes to insider threats. Rogue employees can be found at Fortune 500 companies down to small businesses with less than ten employees. If there is one thing we know, insider threats don’t discriminate based on size.  They are becoming a global phenomenon. Every company in every part of the world is subject to some level of insider threat.

Insider threats are so prevalent that we felt compelled to author the book  “Preventing Good People from Doing Bad Things” that helps readers establish a well-defined awareness of boundaries, which enables end users and applications to communicate freely within an IT environment without worry of intentional, accidental, or indirect misuse of privilege.

In most situations it's more often than not the case that people have way too much privilege access - admin rights on the desktop, root password on server - for the role they are required to play. So, how do you protect privileged accounts in your organization? The short answer is to eliminate all admin rights across servers, desktops, networks devices, virtual servers and cloud environments. 

Having well defined awareness of boundaries enables end users and applications to communicate freely within an IT environment without worry of intentional, accidental or indirect misuse of privilege. Boundaries allow a more productive and compliant dialogue to take place between users and the IT department and proactively deters attempts of misuse.

Info Security PG: Cloud computing is becoming ubiquitous in the enterprise. What’s the biggest threat in the coming year for enterprises adopting cloud infrastructure?

Brian Anderson: It seems as if every business and IT executive that I talk to lately literally has their “head in the clouds.”  Every conversation about current or impending strategies for information assets almost universally contains some mention of a public, private or hybrid cloud deployment. A more interesting observation of these conversations is that the lure of liberating ourselves from the burden of managing applications and data shouldn’t mean we stop having high expectations about how those applications and data are managed. Unfortunately, moving infrastructure and/or applications into public or private clouds doesn't necessarily make you more secure, compliant or risk-free. 

We recently conducted our own survey that found 71 percent of respondents wouldn't trust a cloud vendor with highly regulated data. Some participants even scoffed at the idea and the few who marked "yes" emphasized they wish there was a “depends” option. What’s more scary is that 60 percent of respondents didn't know or weren't sure what their cloud vendors' privileged access policies were. 

The human element is definitely the biggest threat facing enterprises adopting cloud infrastructure. Customers of cloud vendors need to be more proactive. They need to set requirements for privileged access, ask questions, demand reports and know their policies. 

Company: BeyondTrust
2173 Salk Avenue,
Carlsbad, CA U.S.A.

Founded in: 1985
CEO: John Mutch
Public or Private: Private
Products and Services: Security
Company's Goals: VBeyondTrust’s goal is to help organizations secure the perimeter within to mitigate internal threats and the misuse of privileges.

Bookmark and Share