UK organisations still haunted by Group Admin Accounts Monday 31 October 2011 PDF Print Reading, Berkshire: Osirium (www.osirium.com) a leader in Privileged User & Infrastructure Management has today warned businesses about continuing with the use of Group Admin accounts after an independent, security focused research report found many organisations still issue them, despite the fact that they pose a significant risk to businesses whilst also contravening best practice and compliance requirements. The report found that just 40% of organisations attempted to control the use of Group Admin accounts but more worryingly, 10% of respondents also confessed that they had no way of controlling them. David Guyatt, CEO at Osirium, said “From the conversations that I am having it’s immediately apparent that most organisations recognise that Group Admin accounts are a security risk, but IT departments just don’t have the resources to create, manage and revoke all those personalised privileged accounts across their entire infrastructure. This creates a numerous operational issues but most critically opens the organisation up to the risk of both internal and external attacks.” The research, undertaken by Quocirca, on behalf of Osirium, also highlights the impact that the use of Group Admin accounts can have on compliance requirements, which clearly states that when a specific action is carried out the individual performing that task needs to be identifiable. IT security regulations and standards make strong statements about the use of privileged access to such group admin accounts. One of the controls in the IT service management standard (ITSM) ISO270001 states that “the allocation and use of privileges shall be restricted and controlled” whilst the Payment Card Industries Data Security Standard (PCI-DSS) recommends “auditing all privileged user activity”. Neither of these requirements can be met if it is not possible to identify a specific privileged user, or associate them with the actions that they have carried out. “Security is all about ensuring the right people are accessing the right things and performing the right tasks at the right time,” continued Guyatt. “However, short-cuts are often taken to save time or make life a little bit easier and sharing Group Admin accounts does both these things, unfortunately at the cost of meeting essential compliance requirements and escalating operational risks. By using solutions such as Osirium to automate the provisioning of personalised accounts throughout the entire infrastructure, full accountability and visibility of SysAdmin changes can be achieved which easily satisfies the requirements of compliance, best practice and change management processes.” About the Research The research was completed by Quocirca in August 2011 and 100 interviews were collected. At the time of answering the questions, those surveyed were not aware that the research was being conducted on behalf of Osirium. Respondents were qualified in as follows: – Must be involved in IT management with one of the following job functions: IT manager, IT security manager, IT infrastructure manager – Must answer yes to: “are you involved with, or knowledgeable in how your organisation views and manages issues relating to privileged users (that is how the granting of the extra privileges that IT administrators require to do their jobs is controlled), the automation of IT admin tasks and how these issues relate to your organisation’s ability to meet the regulatory requirements that govern it?” About Osirium Osirium drives down operational risk and eases the pain of managing and maintaining multi-vendor IT infrastructures by providing a central, secure access point and a “built-in” best practice foundation which tracks all SysAdmin changes in the infrastructure and enables you to easily meet and maintain compliance. Osirium dramatically improves productivity and reduces human error by automating routine and repetitive SysAdmin tasks and delegating them to less costly help desk staff, to provide faster problem resolutions with fewer errors. Osirium is establishing itself as a new and unique IT infrastructure security solution and is already helping some of the world’s biggest brands and public sector bodies. For more information please see: www.osirium.com Media contact: Clare Shephard maillot jaune communications tel: 07736 793332 eml: email@example.com Osirium contact: Andre Armstrong tel: 0118 324 2444 eml: firstname.lastname@example.org This press release was distributed by ResponseSource Press Release Wire on behalf of Maillot Jaune Communications in the following categories: Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.