Reading, Berkshire: Osirium (www.osirium.com) a leader in Privileged User & Infrastructure Management today shared recent research findings which it hopes will encourage businesses to actively review their existing privileged credential policies. Osirium has found that companies are still exposing themselves to possible external attacks because of the clear text transmission of system administrator login details.
With today’s growing number of mobile workers, remote management tasks are becoming more critical and in order for these processes to be managed more effectively, privileged credentials are often embedded in these applications or tools and this is where potential risks lie.
“It seems obvious stating that if the wrong individuals get access to these credentials, they may use them for malicious purposes, but it seems that companies continue to be oblivious to these threats, or just hope that it won’t happen to them,” said David Guyatt, CEO at Osirium. “To make things worse, these credential details often embedded in applications so they rarely get changed, even after they have unknowingly been compromised.”
Osirium warns businesses to pay more attention to this issue, because if shared group credentials are being used, then an attack on one device could well affect all the others in the same group.
“This risk is exacerbated by the fact that privileged credentials are often not just stored but also transmitted in clear text,” added Bob Tarzey, Analyst and Director at Quocirca; the organisation that conducted the research for Osirium. “The research shows that around 65% of organisations admitted that system administrator login details are sometimes transmitted this way. The problem also arises when remote system administrator tasks are carried using services such as Telnet, which sends communications in clear text.”
This issue is one that can be quickly resolved however, as applications and tools needing privileged access rights should instead be administered and monitored in the same way as ‘human’ privileged users are - for example not using group access privileges. Furthermore, the assigned login details need not be transmitted in the clear. New technologies can now ensure that passwords are easily masked or, better still, the entire transmission is encrypted.
“Our objective is to automate a lot of these typically time consuming processes that ensures systems remain secure without system administrators continually managing updates and changing passwords,” continued Guyatt. “Ultimately, managing credentials correctly is a lot easier than the clean-up operation after a security leak.”
About the Research
The research was completed by Quocirca in August 2011 and 100 interviews were collected. At the time of answering the questions, those surveyed were not aware that the research was being conducted on behalf of Osirium. Respondents were qualified in as follows:
– Must be involved in IT management with one of the following job functions: IT manager, IT security manager, IT infrastructure manager
– Must answer yes to: “are you involved with, or knowledgeable in how your organisation views and manages issues relating to privileged users (that is how the granting of the extra privileges that IT administrators require to do their jobs is controlled), the automation of IT admin tasks and how these issues relate to your organisation’s ability to meet the regulatory requirements that govern it?”
Osirium drives down operational risk and eases the pain of managing and maintaining multi-vendor IT infrastructures by providing a central, secure access point and a “built-in” best practice foundation which tracks all SysAdmin changes in the infrastructure and enables you to easily meet and maintain compliance.
Osirium dramatically improves productivity and reduces human error by automating routine and repetitive SysAdmin tasks and delegating them to less costly help desk staff, to provide faster problem resolutions with fewer errors.
Osirium is establishing itself as a new and unique IT infrastructure security solution and is already helping some of the world’s biggest brands and public sector bodies.
For more information please see: www.osirium.com
maillot jaune communications
tel: 07736 793332
tel: 0118 324 2444
This press release was distributed by ResponseSource Press Release Wire on behalf of Maillot Jaune Communications in the following categories: Business & Finance, Public Sector, Third Sector & Legal, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.