Securing Administrators – The Edward Snowden Effect


I love being a security architect, because I’m always right.  For well over 10 years, I have been trying to convince IT managers to secure their administrators better.  It makes no sense to go to enormous lengths to secure end users if the people who can do the real damage, the network and system administrators, are left to their own devices.  But often they are: I regularly see shared generic passwords, poor quality passwords (or even passwords left on the factory default setting!), and passwords never changed (even when administrators leave).  But many IT managers seem to have a blind spot for their administrators and can’t understand why they can’t be trusted.

I am very grateful, therefore, to Edward Snowden, the NSA contractor and sysadmin who collected and published a huge number of highly sensitive and embarrassing documents.  I hope that IT managers in the future will be more receptive to my concerns.

One reason why little has been done about system administrators in the past is that it is actually very difficult to enforce good practices, or indeed any practices, on them.  They’re privileged, and that makes them difficult to control.  But there is now an identifiable class of security tools that can be used to control them.

About a year ago, I set up a Privileged Identity Management (PIM) service for a large client based on the Cyber Ark product set.  Cyber Ark is one of the well-established products in this space, but it’s not the only one.  Cyber Ark works by taking control of the administrator passwords.  It changes them periodically, and after use, so administrators cannot treat them as their own property and cannot write them down or give them away.  Instead, administrators log in to a portal to get passwords.  I now believe that a PIM service should be a critical part of all organisations’ security infrastructures.
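
The check-out and rotate-after-use cycle described above, sketched as a toy Python model. This is an added example, not Cyber Ark's API or code from the original post; `PrivilegedVault`, the `set_password` hook, the 30-day maximum age and the account name are all hypothetical.

```python
import secrets
from datetime import datetime, timedelta

class PrivilegedVault:
    """Toy model of the check-out/rotate cycle; hypothetical, not a vendor API."""
    def __init__(self, set_password, max_age=timedelta(days=30)):
        self._set_password = set_password  # hypothetical hook: changes the password on the target
        self._max_age = max_age
        self._accounts = {}                # account -> password, rotated_at, holder
        self.audit = []                    # (time, actor, action, account)

    def _rotate(self, account, now, reason):
        new = secrets.token_urlsafe(24)    # random, never chosen or known by an administrator
        self._set_password(account, new)
        self._accounts[account].update(password=new, rotated_at=now)
        self.audit.append((now, "vault", "rotate:" + reason, account))

    def onboard(self, account, now):
        self._accounts[account] = {"password": None, "rotated_at": now, "holder": None}
        self._rotate(account, now, "onboard")  # replaces the old shared/default password

    def checkout(self, account, admin, now):
        entry = self._accounts[account]
        if entry["holder"] is not None:    # one named holder at a time, so use is attributable
            raise PermissionError(f"{account} is checked out by {entry['holder']}")
        entry["holder"] = admin
        self.audit.append((now, admin, "checkout", account))
        return entry["password"]

    def checkin(self, account, admin, now):
        entry = self._accounts[account]
        if entry["holder"] != admin:
            raise PermissionError(f"{admin} does not hold {account}")
        entry["holder"] = None
        self.audit.append((now, admin, "checkin", account))
        self._rotate(account, now, "after-use")  # a written-down copy is now useless

    def rotate_stale(self, now):           # the periodic change, for accounts not in use
        for account, entry in self._accounts.items():
            if entry["holder"] is None and now - entry["rotated_at"] >= self._max_age:
                self._rotate(account, now, "periodic")

def demo():
    target = {}  # constructed stand-in for the managed system's password store
    vault = PrivilegedVault(target.__setitem__)
    t0 = datetime(2020, 1, 1)
    vault.onboard("root@db01", t0)
    seen = vault.checkout("root@db01", "alice", t0)
    vault.checkin("root@db01", "alice", t0 + timedelta(hours=1))
    return vault, target, seen
```

After `demo()`, the password the administrator saw no longer matches the one on the target, and the audit list records who held the account and when.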

One thing I learned about PIM systems – they make a significant difference to how administrators do their work.  They’re supposed to, of course.  But you will need to work closely with your sysadmin teams to ensure a smooth transition.
