IdentityWeek recently had an opportunity to sit down with Mark Balasko, Product Manager at WALLIX – a privileged user management vendor and Lieberman Software partner – about his insights into new and emerging information security threats. Excerpts are below.
It seems like it’s now fairly routine in many organizations to allow users to have privileged access. How did we end up with this poor security practice being so commonplace?
The answer is fairly simple. For a very long time, IT decision makers have considered IT security to be limited to firewall and AV solutions. In the past, the monitoring of privileged accounts was not included in the organization’s security policies, making control and traceability of privileged accounts activity useless.
Based on your years of experience in the IT security industry, what threats do you think today’s organizations are least prepared to handle and why?
Organizations have founded their security policies on the reinforcement of the perimeter (based on the model of the fortified castle), while every day the business environment evolves and many external contractors or service providers need to be able to go through this barrier.
For example, an external contractor needs to access privileged accounts to be able to carry out his work, while being physically located on an off-shore site in India or anywhere else in the world.
Practically speaking, companies find it very difficult to process, control and trace these users’ access and activity. Paradoxically, these populations are not submitted to any control because they do not belong to the organization.
How about the future, what do you see as an emerging security threat that IT professionals should be most concerned with?
BYOD and Cloud Computing are thriving, which means the perimeter barrier will only get thinner and thinner. Organizations are now more likely to lose control of both the workstation and server or application environment. Access will therefore be more difficult to secure.
WALLIX is the European leader in Privileged User Management and have succeeded in combining the core requirements of managing privileged users, password management, access control and traceability, into a single easy to deploy appliance – The Wallix AdminBastion (WAB). For more information, visit www.wallix.com .