
Inconsistent access control could cripple network security

  • Posted on: September 12, 2012
  • Posted in: Spotlight
  • Posted by: Trend Micro

Identifying all users and the actions they are authorized to perform is among the most basic pillars of network security. But in an era in which business executives remain unaware of the powers being exploited by IT administrators, and those IT administrators lack adequate insight into the habits of tech-savvy employees, comprehensive data protection has become a more elusive goal.

Who watches the watchmen?

With cloud computing, social media, mobile devices and several other significant technology trends simultaneously converging in the enterprise, even seasoned network managers are having trouble making sense of it all. As a result, business executives can be forgiven for deferring to the IT department in certain scenarios and entrusting these teams with high-level tasks. Unfortunately, management may be giving IT staffers more rope than they realize.

In a recent survey of 450 IT professionals conducted by Lieberman Software, nearly 40 percent of respondents indicated that they could gain unauthorized access to their company's most sensitive information, including the private documents of C-level executives. What's more, one in five respondents admitted to having already accessed something they should not have, while another 11 percent would do so if they wanted to find out whether their job was at risk.

But perhaps most concerning of all, one-third of IT administrators were confident that company executives would not even be able to stop them if they found out what was going on.

"Many organizations rely on their IT departments to keep them safe, but all too often the reality is that powerful, privileged account credentials are being abused," explained Lieberman Software president and CEO Phillip Lieberman. "Management must step up to the plate and take charge by establishing systems and procedures to lock down data from prying eyes or their secrets will continue to be stolen from under their noses."

The first step toward progress, according to Lieberman analysts, is the identification and documentation of critical IT assets, their interdependencies and who has access at each level. Managers must also subscribe to the rule of least privilege to ensure technology teams only have the ability to access resources that are essential to the execution of their specific job functions.

Shining a light on shadow IT

While tempering the power of IT administrators is important for guarding mission-critical assets, recognizing and addressing the emergence of tech-savvy employees, or so-called shadow IT, is no less important.

Just a few years ago, IT teams had authoritarian control over business technology decisions and actions. They had superior knowledge and access to the latest and greatest utilities, and common employees patiently awaited their decisions. That model has now been turned on its head within a number of offices, largely due to the rise of Generation Y in the workforce.

Not only do these digital natives have a more mature understanding of technology than their counterparts from years past, they're more resourceful when it comes to getting their hands on what they want. As a result, there is a far greater chance that staffers will work around IT policies to acquire and use the devices and programs they prefer.

According to the latest study from Avecto, approximately three quarters of IT professionals are "in the dark" when it comes to monitoring and regulating the applications downloaded and utilized on corporate networks. The vast majority of survey respondents pointed to male employees between the ages of 20 and 35 as the most likely workforce segment to demand or usurp elevated network privileges.

As companies continue to walk the fine line between empowering employees and increasing data security risks, easy answers will be few and far between. But gaining an accurate perspective of the network rights of all users and having an honest discussion of what they want and need will be the logical first step.

Security News from SimplySecurity.com by Trend Micro
