I was writing a whitepaper recently on privilege abuse and I noticed spellcheck had picked up on a typo on the word ‘privilege.’ I right clicked, and the thesaurus gave me some possible alternatives which really made me think about what it is for a user to be privileged.
Imagine if we actually thought about the people we are granting privileged access to in these terms? Would all the people that currently have access to our confidential data meet these conditions?
It seems to me, our attitude towards data has changed a lot over the last 20 or 30 years. When I think back to the 1980s, data was held under lock and key, security cameras were on, assigned users were trusted key holders and the risks of data breaches were fewer. If you were a keyholder, you were usually vetted and checked beforehand and you knew this was a privilege. You understood you had a responsibility to safeguard the property and the data. You knew the data must have some intrinsic value otherwise it wouldn’t be under lock and key. You were aware you were ‘favoured’ and trusted.
When we think about how we currently handle access to data, I wonder how many of our privileged users feel this sense of responsibility. I think its most likely they don’t. In our experience, organisations are only too quick to grant access, or worse still, don’t even know who has access to their most critical data. Granted, it is lot more complicated than it used to be. Clearly – being able to access data faster and more efficiently is a good thing. However, there are clearly some aspects of data handling and security from the past that we could bring back today which may help.
My opinion is, we should always know at all times who holds these privileges. As a baseline, we should ensure we have appropriate tools and mechanisms in place to know how our users are interacting with our unstructured data. Ideally you should also ensure you’re able to operate some form of least privilege over the data that really matters. Enterprises probably need to be a lot more conscious about granting access to data if we’re going to address issues such as privilege abuse. Often, the challenge the challenges organizations face is that the users who abuse their privileges probably should not have been privileged in the first place.
This is really one of the main reasons we got started in data security. We saw so many organisations really struggling to keep track of who has access to their data, and what was happening to it. Frankly we wanted to give organizations a better way of auditing, monitoring and alerting on interaction with unstructured data to help enforce a least privilege model and hold privileged users accountable for their actions should they abuse their freedom. We knew there had to be a better way than retrospectively trawling through event logs when the damage is likely already done.
LepideAuditor is the answer we came up with. Our award-winning solution helps you detect and prevent privilege abuse across a number of your key IT platforms; including Active Directory, File Server, Exchange, SQL, SharePoint and Office 365. LepideAuditor first enables you to view a list of members of administrative groups and lists users with administrative privileges on any given date. These users are the biggest risk to your IT security. The solution also enables you to track user permissions changes and permissions applies to files and folders in your File Server. That way, you’ll be able to easily spot changes you don’t approve of, and even rollback those changes in a matter of clicks. It also contains over 300 pre-set reports that help you monitor your most privileged users continuously and proactively, ensuring you’re one step ahead of any potential problems.
Start your free trial of LepideAuditor today to find out how the solution can help you solve the problem of privilege management.