In 2013, U.S. government contractor Edward Snowden used his privileged access to copy and leak classified information from the U.S. National Security Agency (NSA) that revealed the status of numerous global surveillance programs. He was subsequently charged with violating the Espionage Act.
In today’s heterogeneous IT environments, the number of administrative identities is growing at an uncontrolled rate as multiple users are assigned this level of privilege to enterprise resources. It’s critical that the enterprise mitigate the risk of users with administrative accounts gaining access to secure information resources.
So what is the best way to identify your company’s potential Edward Snowden? By implementing a scalable model where IT can centrally manage authentication, access control, privilege management, auditing, policy enforcement, and compliance across the enterprise. Without a scalable model for managing the lifecycle of your insiders’ identities, associated privileges, and privileged activity across applications, platforms, and devices, blind spots can create unanticipated risks.
Identify and manage enterprise risks
As Andrew Kellett, lead analyst for Ovum Research, explained in Forbes, “Nearly all of U.S. organizations polled perceive a security vacuum and feel quite threatened. As much as we may have hoped to believe it, the Edward Snowden affair was not our data security pinnacle. Almost half of the U.S. organizations polled experienced a data breach or failed a compliance audit in the past year–which tells us the situation has probably gotten more complicated.”
One of the best ways to mitigate insider risk involves “least privilege” practices. In this scenario, users are granted just enough privilege to do their jobs and accomplish their business objectives while also protecting proprietary enterprise information. This allows administrative users to log in as themselves while maximizing enterprise control over privileged accounts.
Privileged identity management lets organizations consolidate identities, deliver cross-platform least privilege access, and control shared accounts while securing remote access and auditing all privileged sessions.
By providing employees with a unified identity and implementing least privilege access principles, an organization can secure the modern enterprise by carefully granting administrative users secure, privileged access to hybrid infrastructure. With a unified identity, an insider has a single login across diverse enterprise resources. Insiders can access only those systems and applications necessary to perform their jobs, and all of their administrative activities can be tied back to each user’s unified identity.
This approach allows IT to minimize risks associated with privileged accounts by enforcing centralized control when accessing shared credentials. Reliance on a unified identity policy also means that authentication, authorization, and audit policies will be unified, with IT gaining full visibility into all of the resources each user can access.
For additional information on this important topic, download the Centrify whitepaper, Top 3 Reasons to Give Insiders a Unified Identity.