Reading, Berkshire – Osirium (www.osirium.com), a leader in Privileged User & Infrastructure Management, has today released recent research findings which indicate that the administration required to close legacy privileged accounts is often overlooked when individuals move on or change roles within an organisation.
At a time when companies are under increased scrutiny to ensure that security procedures are followed, these findings might come as a shock to some. Equally worrying, the research also suggests that there are likely to be plenty of privileged user accounts still in existence that are not associated with active system administrators, let alone responsible ones.
“It seems obvious stating that if the wrong individuals get access to these credentials, they may use them for malicious purposes, but it seems that companies continue to be oblivious to these threats, or just hope that it won’t happen to them,” said David Guyatt, CEO at Osirium. “To make things worse, these credential details are often embedded in applications so they rarely get changed, even after they have unknowingly been compromised.”
“If you are trying to compromise an organisation’s IT system then you ideally need to have privileged access,” explains David Guyatt, CEO at Osirium. “Knowing a user’s log-in details is a starting point, but they might not get you that far unless they’re credentials with privileged access. Privileged user accounts are so appealing to hackers because they have a much wider and more powerful range of controls than a normal network user - often far more than these individuals actually need.”
Osirium’s research showed that 58% of organisations did not have full control over the management of such accounts. 54% of respondents also admitted that accounts could be left active, even when a privileged user had left an organisation or changed roles to a position that no longer required privileged access.
“This is not just an issue with regard to external hackers,” said Bob Tarzey, Analyst and Director at Quocirca, the organisation that conducted the research for Osirium. “For example, the French Bank Société Générale lost €4.9 billion when a rogue trader was able to perpetrate and cover up a fraud for a couple of years because he still had access to a privileged user account which had not been disabled when he moved on. Many businesses lack systematic controls over privileged access and are unable to associate individuals acting under privilege with their actions; this is an unacceptable operational risk. It doesn’t need to be like this, default privileged user accounts, and those assigned to users who no longer need them, can be easily identified and closed if the business has the right tools in place.”
The ability to overcome this issue solves a critical security gap. These legacy accounts are typically hidden and unused, and their original purpose is often unclear, which means that disabling or removing associated actions can pose a significant security risk.
“Ensuring privileges are taken away from users that no longer require them can be controlled either by making the allocation of privileges an extension of standard identity and access management, or by granting all privileges on a “time-allocation” basis,” continued Guyatt. “Osirium uses a systematic approach and, along with task automation, greatly reduces the disruption and manpower needed to complete the task. Consequently the operational risks from legacy privileged accounts and the misuse of such credentials can be resolved once and for all.”
About the Research
The research was completed by Quocirca in August 2011 and 100 interviews were collected. At the time of answering the questions, those surveyed were not aware that the research was being conducted on behalf of Osirium. Respondents were qualified as follows:
– Must be involved in IT management with one of the following job functions: IT manager, IT security manager, IT infrastructure manager
– Must answer yes to: “are you involved with, or knowledgeable in how your organisation views and manages issues relating to privileged users (that is how the granting of the extra privileges that IT administrators require to do their jobs is controlled), the automation of IT admin tasks and how these issues relate to your organisation’s ability to meet the regulatory requirements that govern it?”
Osirium drives down operational risk and eases the pain of managing and maintaining multi-vendor IT infrastructures by providing a central, secure access point and a “built-in” best practice foundation which tracks all SysAdmin changes in the infrastructure and enables you to easily meet and maintain compliance.
Osirium dramatically improves productivity and reduces human error by automating routine and repetitive SysAdmin tasks and delegating them to less costly help desk staff, to provide faster problem resolutions with fewer errors.
Osirium is establishing itself as a new and unique IT infrastructure security solution and is already helping some of the world’s biggest brands and public sector bodies.
For more information please see: www.osirium.com
maillot jaune communications
tel: 07736 793332
tel: 0118 324 2444
This press release was distributed by ResponseSource Press Release Wire on behalf of Maillot Jaune Communications in the following categories: Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.