Turning the Spotlight on IT’s Dirty Little Secret: Securing the Common Point of Failure in IT Risk Controls

Download Now

To download this white paper you’ll need an Infosecurity Magazine account. Log in or sign up below.

Log in
Sign up

Get up-to-the-minute news and opinions, plus access to a wide assortment of Information Security resources that will keep you current and informed.

This will be used to identify you if you take part in our online comments.

Your password should:

  • be at least eight characters long
  • be no more than 25 characters long
  • contain at least one uppercase, lowercase and special character
  • contain at least one digit
  • only contain alphanumeric characters or ~!@#$%^&*()_-+=?.

For more information explaining how we use your information please see our privacy policy.

By registering you agree with our terms and conditions.

The rise of identity and access management has revolutionized how the enterprise defines a key domain of IT risk control. Access management has become a cornerstone of best practice in IT governance, risk and compliance control — except for the most important access of all, the privileged user for shared administrative accounts, and the embedded application identities found within applications, scripts and application servers.

These high-privilege super-user and administrative accounts that directly control IT resources and applications themselves have largely been overlooked by enterprises seeking to mature their access management strategy. These accounts are often shared and may be managed by the most minimal security controls — if not exposed outright, embedded as plaintext in application and script code, or left unchanged from out-of-the-box defaults or initial settings. Poor controls over privileged access pose significant risks, if not some of the largest a business could face.

In this white paper, provided by Brookcourt Solutions, Enterprise Management Associates, an industry analyst and consulting firm, examines the paradox of IT’s ‘dirty little secret’: the poor state of high-privilege access management that represents a common point of failure in IT governance, risk and compliance controls. This potential security and audit failure point threatens organizations worldwide and stands in stark contrast to enterprise maturity in other aspects of IT control. The research includes reporting on a distinctive approach that helps solve the challenges of bringing greater security, discipline and control to privileged access management, with minimal invasiveness to existing applications or resources.

Should you download this content your information may be shared with the sponsors indicated above. Please see Infosecurity Magazine’s privacy policy for more information.