Vormetric and the Enterprise Strategy Group have issued the Vormetric Insider Threat Report, indicating the vulnerabilities organisations face from rogue privileged users.
According to the report, 54% of organisations believe that it is more difficult to detect/prevent insider attacks today than in 2011. 46% say they are vulnerable to an insider attack. A further 36% are concerned about cloud security and 27% are concerned about advanced persistent threats. Edward Snowden has heightened awareness of the issue of insider threat, with 45% now changing their view.
Alan Kessler, CEO and president of Vormetric, spoke to Claire Vanner about the risk posed by privileged users, additional risks when using the cloud and why traditional perimeter security is no longer enough.
What is Insider Threat?
Insider Threat is malicious activity brought against an organisation, generally by an employee or a former employee, or a business partner that has the ability to reach inside the network with the intent of creating destruction or stealing information.
What is the risk posed by ‘privileged users’?
The computer and communications technologies that are used today were designed many decades ago and they were designed around the theory that there is an individual, a role in managing and administering the systems, that gives that individual unprecedented power over the operations or control over the systems. So that level of user that has control over the systems and the privilege over the operations, the configuration and the administration of the systems is generally referred to as a privileged user.
We’ve seen in the headlines of late, the Edward Snowden incident for example, someone who was an employee of a contractor, working to manage computer networks and computer systems, had privileged user access and took a lot of information that he was not authorised to take.
The reputational damage that can occur to an organisation that has information stolen is quite high. The potential damage to critical infrastructure if the information, the data, is actually changed is quite material and a big risk. These are some of the concerns that cause us to limit the exposure to privileged users.
What are the additional risks when using the cloud?
You can think of the situation as follows: if you are concerned as a user in an organisation about your own privileged users, then you ask yourself, what is it you want them to be able to manage and administer for you? Even inside your own four walls, managing your own data centre and your own assets, there’s quite a high degree of concern over data privilege. What the market research suggests reinforces that cloud tech, and moving to embrace cloud, puts even more pressure and sensitivity around these privileged users.
What can be done to enforce more security when using the cloud?
One of the approaches that we’ve taken is this: industry customers had invested quite a high degree of their resources in trying to protect the perimeter of the network and build up defensive measures, trying to keep bad things from infiltrating the network. What we’ve seen from the advanced threats that are attacking networks, with state-sponsored attacks, with people like Edward Snowden, is that it’s quite impossible to build a perimeter to protect the network. So they care a lot about protecting from the inside out.
Our view is that the adversary is trying to either steal or modify your data, so what you should do is put strict controls around the data, limit the ability to view data but still allow the privileged users and administrators the ability to do their job.
Is it difficult to strike a balance between protecting data internally and allowing privileged access?
Embracing security can be viewed as an inhibitor to business process, which is a concern of business organisations. The aim is to be able to implement these controls in a way that is transparent, that’s strong and efficient from a performance point of view and easy to deploy. So it’s really finding that right balance there. That has a lot to do with how we’re addressing this issue of privileged user controls.
Is the traditional perimeter security deployed by so many companies sufficient protection?
It’s clear that it is necessary to build layers of defence, which is often referred to as defence in depth within the security industry. Building a perimeter around the security industry is necessary, but the investments yield diminishing returns. When you stand back and look at what the adversary is trying to do: they are trying to steal your data or modify your data, and so protecting closer to the data itself provides greater control and protection.
You can chase the rodents around your house or you can hide the cheese and secure it. So there’s a lot of money spent and a lot of people chasing the rodents or trying to keep them from getting in the house in the first place, but if they’re determined, one way or another they find their way in. We are appreciative of that, but protecting the cheese is what we do.
What advice would you offer to companies who want to reduce their insider threat?
I would certainly say that, as it relates to understanding the risk of data and exposure to data, first of all understanding what sensitive data you have is an important first step. The second step is determining where it resides. The third step is to have the controls in place so only the individuals who have a need to know and a need to operate on that data have access to that data. So your traditional privileged user, who today may have access to all the data on the servers they manage, may not have a need to ever see the data; they just have to operate at the meta-data level to do their job. The postman sees the envelope with the address but doesn’t have the need to see the letter inside.
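The three steps above, and the earlier point about putting controls around the data while still letting administrators do their job, can be illustrated with a small data-centric authorisation check. The following is an added example, not code from the interview or from Vormetric's products: it keeps a constructed inventory of sensitive data and its location, splits operations into content access (the letter) and metadata access (the envelope), and allows a hypothetical "sysadmin" role the metadata operations only, while content access to confidential data requires need-to-know group membership. It also records every decision so that repeated content-access denials for privileged accounts can be surfaced for review. All paths, roles and group names are constructed for illustration.

```python
"""Added example of need-to-know data access control with a privileged-user
(metadata only) split and an audit trail. Not from the interview; every
identifier below is constructed for illustration."""

from dataclasses import dataclass

# Steps 1 and 2: what sensitive data exists and where it resides (constructed).
INVENTORY = {
    "/srv/db/customers.db": {"classification": "confidential", "owner_group": "billing"},
    "/srv/www/banner.png": {"classification": "public", "owner_group": "web"},
}

# The letter versus the envelope: content operations reveal or alter data,
# metadata operations are what an administrator needs to run the system.
CONTENT_OPS = frozenset({"read", "write"})
METADATA_OPS = frozenset({"stat", "move", "backup", "restore"})


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset   # e.g. {"sysadmin"}; hypothetical role name
    groups: frozenset  # need-to-know groups, e.g. {"billing"}


# Audit trail of every decision: (principal, op, path, allowed, reason).
AUDIT_LOG = []


def authorize(principal: Principal, op: str, path: str) -> bool:
    """Step 3: decide whether `principal` may perform `op` on `path`.

    Unclassified resources are denied by default, privileged users get the
    envelope (metadata) but not the letter (content) of confidential data,
    and content access is granted only on need-to-know group membership."""
    meta = INVENTORY.get(path)
    if meta is None:
        allowed, reason = False, "unclassified resource: deny by default"
    elif op in METADATA_OPS:
        # Administrators and the owning group may operate on the envelope.
        allowed = "sysadmin" in principal.roles or meta["owner_group"] in principal.groups
        reason = "metadata operation"
    elif op in CONTENT_OPS:
        if meta["classification"] == "public":
            allowed, reason = True, "public data"
        else:
            # Administrative privilege does not imply need to know.
            allowed = meta["owner_group"] in principal.groups
            reason = "need-to-know check on confidential data"
    else:
        allowed, reason = False, "unknown operation"
    AUDIT_LOG.append((principal, op, path, allowed, reason))
    return allowed


def flag_privileged_content_denials(log=None):
    """Detection hook: privileged accounts that are denied content access are
    worth reviewing, since their job only requires the metadata operations."""
    entries = AUDIT_LOG if log is None else log
    return [
        e for e in entries
        if "sysadmin" in e[0].roles and e[1] in CONTENT_OPS and not e[3]
    ]


if __name__ == "__main__":
    ops_admin = Principal("ops-admin", frozenset({"sysadmin"}), frozenset())
    clerk = Principal("billing-clerk", frozenset(), frozenset({"billing"}))
    for who, op, path in [
        (ops_admin, "backup", "/srv/db/customers.db"),
        (ops_admin, "read", "/srv/db/customers.db"),
        (clerk, "read", "/srv/db/customers.db"),
        (ops_admin, "read", "/srv/www/banner.png"),
    ]:
        print(f"{who.name:14} {op:7} {path:24} -> {authorize(who, op, path)}")
    for entry in flag_privileged_content_denials():
        print("review:", entry[0].name, entry[1], entry[2], entry[4])
```

The deny-by-default branch for paths missing from the inventory is deliberate: it turns an incomplete step-one inventory into a visible failure rather than silent over-exposure, which is the usual way such gaps get found.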