{"id":14972,"date":"2012-11-29T00:00:00","date_gmt":"2012-11-28T23:00:00","guid":{"rendered":"https:\/\/www.soundpr.it\/post_news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/"},"modified":"2012-11-29T00:00:00","modified_gmt":"2012-11-28T23:00:00","slug":"tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management","status":"publish","type":"news","link":"https:\/\/www.soundpr.it\/en\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/","title":{"rendered":"Three Ways CXOs Can Avert Super-User Security Threats with Privileged Account Management"},"content":{"rendered":"<p><\/p>\n<p style=\"text-align: justify;\">Today, on Cyber Monday, online retailers and banks are bracing for the likelihood of increased data breaches and security threats, while online shoppers are taking extra precautions to protect personal information. Every day, Americans trust that the corporate and government IT systems handling their critical identity information, such as credit card numbers, social security numbers and tax returns, are equipped with appropriate security measures to keep personal data safe.\u00a0 Heightening awareness of potential security risks is an essential step to thwarting malicious attacks.\u00a0 All too often, however, public and private entities must also recognize that even more risky exposure exists when administrative privilege is exploited, regardless whether by external adversaries or internal threats. <a href=\"http:\/\/www.quest.com\/\">Quest Software<\/a> (now part of <a href=\"http:\/\/www.dell.com\/\">Dell)<\/a> has a deep understanding of the problems organizations face when they don\u2019t properly control and audit administrative access and \u201csuper-user\u201d accounts.<\/p>\n<p style=\"text-align: justify;\">According to a survey conducted earlier this year at <a href=\"http:\/\/www.theexpertsconference.com\/\">The Experts Conference<\/a>, an annual gathering of global IT pros co-sponsored by Quest and Microsoft, half of the responding organizations reported that their No. 1 compliance issue is ensuring correct user access rights (including privileged user access). In the case of managing privileged accounts, this challenge intensifies when administrators are given the \u201ckeys to the kingdom,\u201d with far-reaching, shared anonymous access rights to vital IT systems. In the private sector, failure to manage access to information and compliance with security mandates can mean lost revenues, failed audits and damage to the brand. In government, managing user access rights represents a high stakes game in which getting out ahead of emerging threats is a matter of national security. To this point, Privileged Account Management is noted in many security standards, including ISO 27001 and NIST 800-53. A new report developed by Enterprise Management Associates, on behalf of Quest, identifies inadequate administrative access controls as \u201cone of the most egregious IT risk gaps in many organizations.\u201d<\/p>\n<p style=\"text-align: justify;\">The report, \u201c<a href=\"http:\/\/www.quest.com\/whitepaper\/818257.aspx\">Why You Need to Consider Privileged Access Management (And What You May Not Know About It That You Should<\/a>),\u201d examines some of the most common excuses companies give to justify this oversight, and offers useful insight into how modern Privileged Account Management (PAM) practices and corresponding technology solutions can close the risk gap with flexible policy control, automated workflows and comprehensive reporting to enhance security, achieve compliance and improve efficiency.<\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\">To further help CXOs avert these all-to-common security risks, Quest offers three pragmatic tips:<\/p>\n<p style=\"text-align: justify;\">\n<ol style=\"text-align: justify;\">\n<ol style=\"text-align: justify;\">\n<li><strong><em>1.\u00a0\u00a0\u00a0\u00a0\u00a0 <\/em><\/strong><strong><em>Assign individual accountability to super-user activity<\/em><\/strong><\/li>\n<\/ol>\n<\/ol>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\">Shared and unmanaged administrative access is more than just a bad idea\u2014it\u2019s one of the fastest and easiest ways to expose an organization to undue risk, especially since these super-user accounts typically have extensive power over IT operating systems, applications, databases, etc. With shared accounts, any security or compliance breach can be traced back only to the account, and not to an individual administrator using that account.<\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\">A much better approach to risk containment involves granting administrators access rights only to what they need, as they need it, nothing more or less. Credentials should be issued only on an as-needed basis, accompanied by a full audit trail of who used them, who approved the use, what they did with them, as well as how and why they received them \u2013 and the password should be immediately changed once the use is completed. The ability to automate and secure this entire process is an effective way to manage administrative access across an entire organization.\u00a0 Similarly, PAM is essential to enabling federal, state and local agencies to work together, and can make or break government-wide information sharing and collaboration.<\/p>\n<p style=\"text-align: justify;\">\n<ol style=\"text-align: justify;\">\n<ol style=\"text-align: justify;\">\n<li><strong><em>2.\u00a0\u00a0\u00a0\u00a0\u00a0 <\/em><\/strong><strong><em>Implement and enforce a \u201cleast privilege\u201d security stance for administrative access<\/em><\/strong><\/li>\n<\/ol>\n<\/ol>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\">Many administrative accounts, including those for Unix root, Windows or Active Directory admin, DBA, etc., provide unlimited permissions within their scope of control, and, when shared, open the door for malicious activity. For example, the <a href=\"http:\/\/www.databreaches.net\/?p=21460\">widely publicized security breach at Fannie Mae<\/a> involved an employee who used this type of super-user access to maliciously plant a logic bomb that, if undiscovered, would have crippled the entire organization and compromised the personal and financial information of approximately 1,100 people.<\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\">A more prudent approach is to establish a policy that clearly defines what each administrator (or administrator role) can and cannot do with their access. Since this process can be complicated and often difficult to enforce across diverse systems, Quest recommends the addition of granular delegation tools that are optimized for the designated platforms, and integrated with other PAM technologies such as a privilege safe, multifactor authentication or Active Directory bridge.<\/p>\n<p style=\"text-align: justify;\">\n<ol style=\"text-align: justify;\">\n<ol style=\"text-align: justify;\">\n<li><strong><em>3.\u00a0\u00a0\u00a0\u00a0\u00a0 <\/em><\/strong><strong><em>Reduce privileged account management complexity<\/em><\/strong><\/li>\n<\/ol>\n<\/ol>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\">One of the overarching PAM challenges comes from navigating diverse IT systems, each with their own unique capabilities and requirements for privileged account management. This often results in the use of specialized tools, along with ad-hoc policies and practices to control privileged account access. Unfortunately, this approach frequently complicates the audit process, making it difficult to prove that all access is controlled and that separation-of-duties principles are established and enforced.<\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\">For that reason, consolidating disparate systems into a common identity structure creates an environment where a single PAM approach can be readily enforced with greater consistency across a much larger portion of an organization, eliminating errors borne from multi-system complexity, reducing risk and lowering the expense of managing multiple systems. In addition, any consolidation of PAM capabilities under a common management and reporting interface provides enhanced efficiency.<\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\">The EMA report referenced above indicates that organizations focused on achieving a high level of discipline in configuration and change management tend to have better outcomes, not only in lower incidences of disruptive security events, but in better IT reliability, less unplanned IT work, more successful IT changes, higher server-to-system administrator ratios, and more IT projects completed on time and within budget.<\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\"><strong>Quest\u00ae One Identity Solutions Centralize and Simplify Privileged Account Management<\/strong><strong><\/strong><\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\"><strong>Quest Software provides a modular, yet integrated, approach to identity and access management\u00a0 specifically Privileged Account Management \u00a0that controls insider threats and improves IT efficiency, as it enables organizations to eliminate the dangers of unchecked super-user access, adverse audit findings, direct penalties, and negative press exposure.<\/strong><strong><\/strong><\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\"><strong>Supporting Quotes:<\/strong><\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\"><strong>Jackson Shaw, senior director of product management, Quest Software<\/strong><\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\">\u201cPrivileged Account Management will be one of the fastest-growing areas of IAM over the next few years, for good reason. Most of the recent high-profile security breaches, including \u00a0the UBS Paine Webber attack and the City of San Francisco breach, happened due to lack of control over privileged accounts. What\u2019s more, these breaches do not discriminate; they can cause equally horrific damage to any organization, no matter how large or small. It\u2019s time for companies to take note of the severe security risk posed by poor PAM practices, and seek out a comprehensive solution befitting the task. Quest One offers a complete set of PAM capabilities, providing comprehensive controls in a flexible, modular architecture.\u201d<\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\"><strong>Scott Crawford, Enterprise Management Associates (EMA)<\/strong><\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\">\u201cPoor controls over administrative access have resulted in real damage. PAM capabilities can help mitigate such risks and improve controls, through techniques such as \u2018privilege safe\u2019 technologies that deliver a more disciplined approach to control that supports responsible IT governance. Quest helps IT improve performance and reduce support costs by closing one of the most readily managed gaps of all: the weakness exposed when individuals have broad, anonymous, and unmonitored administrative access to the most sensitive capability in IT.\u201d<\/p>\n<p style=\"text-align: justify;\">\n<p>&nbsp;<\/p>\n<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\">\n<p><\/p>","protected":false},"featured_media":14719,"template":"","news_categories":[141],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Tre consigli per proteggere i super-user account dalle minacce informatiche grazie al Privileged Account ManagementThree Ways CXOs Can Avert Super-User Security Threats with Privileged Account Management  - soundPR<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Tre consigli per proteggere i super-user account dalle minacce informatiche grazie al Privileged Account ManagementThree Ways CXOs Can Avert Super-User Security Threats with Privileged Account Management  - soundPR\" \/>\n<meta property=\"og:description\" content=\"Today, on Cyber Monday, online retailers and banks are bracing for the likelihood of increased data breaches and security threats, while online shoppers are taking extra precautions to protect personal information. Every day, Americans trust that the corporate and government IT systems handling their critical identity information, such as credit card numbers, social security numbers [...]Read More...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/\" \/>\n<meta property=\"og:site_name\" content=\"soundPR\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.soundpr.it\/wp-content\/uploads\/2019\/07\/QuestLogo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"624\" \/>\n\t<meta property=\"og:image:height\" content=\"295\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/\",\"url\":\"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/\",\"name\":\"Tre consigli per proteggere i super-user account dalle minacce informatiche grazie al Privileged Account ManagementThree Ways CXOs Can Avert Super-User Security Threats with Privileged Account Management - soundPR\",\"isPartOf\":{\"@id\":\"https:\/\/www.soundpr.it\/#website\"},\"datePublished\":\"2012-11-28T23:00:00+00:00\",\"dateModified\":\"2012-11-28T23:00:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.soundpr.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tre consigli per proteggere i super-user account dalle minacce informatiche grazie al Privileged Account Management\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.soundpr.it\/#website\",\"url\":\"https:\/\/www.soundpr.it\/\",\"name\":\"soundPR\",\"description\":\"Sound Public Relations\",\"publisher\":{\"@id\":\"https:\/\/www.soundpr.it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.soundpr.it\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.soundpr.it\/#organization\",\"name\":\"soundPR\",\"url\":\"https:\/\/www.soundpr.it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.soundpr.it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.soundpr.it\/wp-content\/uploads\/2019\/07\/Logo-hd-wht.png\",\"contentUrl\":\"https:\/\/www.soundpr.it\/wp-content\/uploads\/2019\/07\/Logo-hd-wht.png\",\"width\":168,\"height\":69,\"caption\":\"soundPR\"},\"image\":{\"@id\":\"https:\/\/www.soundpr.it\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Tre consigli per proteggere i super-user account dalle minacce informatiche grazie al Privileged Account ManagementThree Ways CXOs Can Avert Super-User Security Threats with Privileged Account Management  - soundPR","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/","og_locale":"en_US","og_type":"article","og_title":"Tre consigli per proteggere i super-user account dalle minacce informatiche grazie al Privileged Account ManagementThree Ways CXOs Can Avert Super-User Security Threats with Privileged Account Management  - soundPR","og_description":"Today, on Cyber Monday, online retailers and banks are bracing for the likelihood of increased data breaches and security threats, while online shoppers are taking extra precautions to protect personal information. Every day, Americans trust that the corporate and government IT systems handling their critical identity information, such as credit card numbers, social security numbers [...]Read More...","og_url":"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/","og_site_name":"soundPR","og_image":[{"width":624,"height":295,"url":"https:\/\/www.soundpr.it\/wp-content\/uploads\/2019\/07\/QuestLogo.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/","url":"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/","name":"Tre consigli per proteggere i super-user account dalle minacce informatiche grazie al Privileged Account ManagementThree Ways CXOs Can Avert Super-User Security Threats with Privileged Account Management - soundPR","isPartOf":{"@id":"https:\/\/www.soundpr.it\/#website"},"datePublished":"2012-11-28T23:00:00+00:00","dateModified":"2012-11-28T23:00:00+00:00","breadcrumb":{"@id":"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.soundpr.it\/news\/tre-consigli-per-proteggere-i-super-user-account-dalle-minacce-informatiche-grazie-al-privileged-account-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.soundpr.it\/"},{"@type":"ListItem","position":2,"name":"Tre consigli per proteggere i super-user account dalle minacce informatiche grazie al Privileged Account Management"}]},{"@type":"WebSite","@id":"https:\/\/www.soundpr.it\/#website","url":"https:\/\/www.soundpr.it\/","name":"soundPR","description":"Sound Public Relations","publisher":{"@id":"https:\/\/www.soundpr.it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.soundpr.it\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.soundpr.it\/#organization","name":"soundPR","url":"https:\/\/www.soundpr.it\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.soundpr.it\/#\/schema\/logo\/image\/","url":"https:\/\/www.soundpr.it\/wp-content\/uploads\/2019\/07\/Logo-hd-wht.png","contentUrl":"https:\/\/www.soundpr.it\/wp-content\/uploads\/2019\/07\/Logo-hd-wht.png","width":168,"height":69,"caption":"soundPR"},"image":{"@id":"https:\/\/www.soundpr.it\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.soundpr.it\/en\/wp-json\/wp\/v2\/news\/14972"}],"collection":[{"href":"https:\/\/www.soundpr.it\/en\/wp-json\/wp\/v2\/news"}],"about":[{"href":"https:\/\/www.soundpr.it\/en\/wp-json\/wp\/v2\/types\/news"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.soundpr.it\/en\/wp-json\/wp\/v2\/media\/14719"}],"wp:attachment":[{"href":"https:\/\/www.soundpr.it\/en\/wp-json\/wp\/v2\/media?parent=14972"}],"wp:term":[{"taxonomy":"news_categories","embeddable":true,"href":"https:\/\/www.soundpr.it\/en\/wp-json\/wp\/v2\/news_categories?post=14972"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}