Privileged account access issues covered in webinar

During the event, entitled 'Out of sight, out of mind? - Securing privileged account access in the data centre', Bob Tarzey, an analyst and director with business and IT research agency Quocirca, reviewed his report on the subject.

In the Quocirca report, Bob and his team found that, despite almost 60% of the organisations saying they have implemented or plan to implement the ISO 27001 standard for secure management of IT systems, around 41% still have poor management of their privileged user accounts.

"This shows that IT managers and allied professionals are simply not paying enough attention to controlling access to these types of accounts, which often have super-user privileges and give a user access to just about any aspect of a company's IT resource", he said.

The report also found that 24% of organisations have some form of manual control in place for overseeing the actions of and controlling the access of privileged users.

"On top of this, it's clear that a reliance on manual processes for monitoring and controlling privileged users is time-consuming, excessively expensive, unreliable, and prone to errors," he said.

"The one sure means of achieving watertight privileged user management is through the automated management of privileged user accounts, the assignment of privileged user access, and 360-degree monitoring of their activities", he added.

Richard Walters, chief technology officer with Overtis, the sponsor of the webinar, meanwhile, told attendees that privileged users hold the blueprint to the entire ICT estate in most organisations.

This estate, he said, now includes company data, voice, and video files. The situation is compounded, he added, by the fact that privileged accounts have the highest level of access to sensitive data, including the audit data logs.

To counter the issue, Richard recommends that organisations should integrate their physical and logical perimeters, as well as limit physical access to the IT systems hosting the accounts.

This is achieved, he explained, by locking down door, floor, cage and rack access in the data centre, which should be monitored by CCTV and other security mechanisms.

Further details of the webinar - including a full recording of the event - can be found here...
