by Paul Rudo on 14/12/10 at 3:14 am
BeyondTrust is a 25-year-old provider of privilege authorization management, access control and security solutions for virtualization and cloud computing environments. Through the PowerBroker software suite, BeyondTrust helps organizations manage privileged accounts on servers, devices, operating systems, desktops and applications.
These privileged accounts allow their holders to change core settings of the IT infrastructure or install applications. Through a series of product developments and acquisitions, the company now has the only single solution to manage privileged accounts in virtual environments, on desktops, on servers and just about anywhere else privileged accounts can be found in an enterprise.
Privileged accounts don’t get the same level of public attention as hackers or insiders, but a majority of the security breaches for which hackers or insiders take the credit are in some way tied to privileged accounts.
For example, the well-publicized Google breach involved a desktop in China whose user was allegedly lured to a contaminated website. According to reports, this website installed malware on the desktop that gave the hackers enough access to worm their way into Google’s Gaia single sign-on system. The public would blame the hackers, or the misled user in China, but had the user not held administrative privileges on his or her desktop (the rights to install software or change settings), the breach would never have occurred.
BeyondTrust helps organizations find balance by allowing users to do what they need to do that requires special access, but implementing monitoring, controls and other systems to prevent high-risk activities.
The proliferation of cloud computing and virtualization has given BeyondTrust an extraordinary growth opportunity due to the complexity and volume of privileged accounts in cloud and virtualization environments.
Heavily virtualized environments usually entail a much greater volume of operating systems whose access privileges need to be centrally managed, and they introduce the hypervisor, a new software layer that is particularly vulnerable without proper protection. The growth in the use of cloud vendors also presents an opportunity, as cloud vendors will need to verify compliance with best practices.
Today, I’ll be interviewing Brian Anderson, who is the CMO for BeyondTrust.
What is BeyondTrust’s opinion of the recent WikiLeaks scandal? What lessons should companies take from this?
Politicians and government organizations have been chasing internet providers, leakers, and especially Julian. One politician suggested hunting Julian with armed forces like a terrorist.
But the truth is, WikiLeaks has changed the insider threat forever. From now on, whether Julian and WikiLeaks live or die, there will always be convenient and accessible online portals that give insiders a quick and easy way to leak confidential information. Both online portals for leaking data and insiders who are willing and motivated to leak that data will continue to exist in the foreseeable future, regardless of any efforts exerted by the government.
These factors are difficult to influence and mostly outside their control. These pursuits will either serve to aggravate people more and exacerbate the problem, or slightly mitigate them.
Meanwhile, excessive access in government organizations especially runs wild. Staff are given access to confidential materials based on rank or clearance level, instead of only having access to the data they need to do their job. This means high-ranking staff or officers have an unwarranted level of access.
It’s really just a numbers game and a matter of mitigating risk. Organizations need to stop chasing down Julian, who is just a symbol of what the internet has empowered, and start making real efforts internally to mitigate the risk of leaks. This starts by reducing the number of people with access to the things you want to protect.
What are some of the most common causes of internal data leaks and misuse of privileges? What is the most commonly targeted data?
We categorize misuse of privileges into three common buckets:
- Indirect is when malware or hackers somehow leverage an individual’s administrative privileges without the user intentionally causing harm (see Google breach example)
- Intentional is when an individual with malicious intentions uses their access, usually to achieve financial benefits (Goldman example again here)
- Accidental is when a database is made available online accidentally or someone with unlimited access presses the wrong button (see example here)
The most commonly targeted data is information that has financial value, whether to competitors, governments, or to use in identity theft. Hackers and insiders are motivated by cash.
What steps can companies take to prevent a similar leak from happening at their company?
Implement the best practice of least privilege, which simply means that employees within the company only have the access they absolutely need to do their job – no more, no less.
What’s the difference between your service, and a free alternative like Sudo?
SUDO is not secure, because it allows IT administrators to alter logs that could otherwise incriminate them. Additionally, it works well for small businesses, but as you add more servers, it does not allow you to centrally manage those servers and their policies from a single console. IT has to review the logs of each server individually and manually, the configuration time is excessive and the accountability features are not robust.
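The answer above contrasts PowerBroker with sudo on two points: log tampering and central policy management. A practitioner weighing the first point against a real deployment would look at where sudo sends its records. The following Python script is an added example, not part of the interview and not BeyondTrust's or sudo's own code. It parses the `Defaults` lines of a sudoers file and reports whether sudo activity goes to syslog (which can be forwarded to a host that local root cannot edit) and whether session I/O recording is enabled, as opposed to a local-only logfile. The two sudoers fragments are constructed samples; the option names it looks for (`syslog`, `logfile`, `log_input`, `log_output`, `iolog_dir`) are real sudoers options, and the `#`-comment handling is a simplification that ignores `#include` directives.

```python
"""Audit the logging-related Defaults in a sudoers file (added example)."""
import re

# A Defaults line: optional scope qualifier (@host, :user, !command,
# >runas_user) followed by comma-separated flags or key=value options.
DEFAULTS_RE = re.compile(r"^Defaults(?:[@:!>]\S+)?\s+(.+)$")

# Constructed sample: sudo records only to a local file that root can rewrite.
WEAK_SUDOERS = """
# local-only logging (constructed sample)
Defaults !syslog
Defaults logfile=/var/log/sudo.log
root ALL=(ALL) ALL
"""

# Constructed sample: syslog (forwardable off-host) plus full session I/O recording.
HARDENED_SUDOERS = """
Defaults syslog=authpriv, log_input, log_output
Defaults iolog_dir=/var/log/sudo-io/%{user}
root ALL=(ALL) ALL
"""


def parse_defaults(sudoers_text):
    """Collect sudoers Defaults options into a dict.

    Flags map to True, negated flags (!flag) to False and key=value
    options to their string value. Text after '#' is dropped as a
    comment, so #include directives are ignored; backslash line
    continuations are joined first.
    """
    opts = {}
    joined = re.sub(r"\\\n", "", sudoers_text)
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = DEFAULTS_RE.match(line)
        if not match:
            continue
        for item in match.group(1).split(","):
            item = item.strip()
            if not item:
                continue
            if "=" in item:
                key, value = item.split("=", 1)
                opts[key.strip()] = value.strip().strip('"')
            elif item.startswith("!"):
                opts[item[1:]] = False
            else:
                opts[item] = True
    return opts


def assess_logging(opts):
    """Classify how tamper-resistant the configured sudo logging is."""
    # sudo logs to syslog unless 'Defaults !syslog' turns it off.
    syslog_on = opts.get("syslog", True) is not False
    logfile = opts.get("logfile")
    io_logging = opts.get("log_input") is True and opts.get("log_output") is True
    findings = []
    if not syslog_on and not logfile:
        findings.append("no sudo logging configured")
    elif not syslog_on:
        findings.append(f"only local logfile {logfile}: editable by anyone who becomes root")
    else:
        findings.append("syslog enabled: forward it to a remote collector so local root cannot rewrite history")
    if not io_logging:
        findings.append("session I/O logging off: add 'Defaults log_input, log_output'")
    return {
        "syslog": syslog_on,
        "logfile": logfile,
        "io_logging": io_logging,
        "findings": findings,
    }


def audit(sudoers_text):
    """Parse and assess a sudoers text in one call."""
    return assess_logging(parse_defaults(sudoers_text))


if __name__ == "__main__":
    for name, text in (("weak", WEAK_SUDOERS), ("hardened", HARDENED_SUDOERS)):
        result = audit(text)
        print(f"{name}: syslog={result['syslog']} io_logging={result['io_logging']}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

The script only reads sudoers text, so it can be pointed at `visudo -c`-checked copies gathered from many servers; what it cannot tell you is whether syslog on each host actually forwards to a remote collector, which is why the hardened sample still produces a reminder rather than a clean bill of health.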
Why is it a problem if employees have Admin rights to their own machines?
Desktop users with administrative access:
- Drive up IT help desk costs by modifying core system settings that end up causing problems
- Often disable security settings, allowing viruses or other malicious software a back door in
- Third and most importantly, allow the user to install malicious or insecure software (see Google example)
The problem is that removing administrative rights without a solution like PowerBroker creates equally unacceptable problems, like forcing users to call the helpdesk any time they want to change their system clock or connect to a new wireless network.
Anything else you’d like to add?
We’ve been experiencing tremendous growth in the cloud and virtualization arenas due to key issues they raise regarding administrative privileges. For example, the hypervisor often gives IT admins an unmonitored area in which to copy large volumes of data without leaving evidence of their intrusion. The cloud entails granting admin rights to a large number of cloud vendors that don’t even work for the company, and both trends create a greater diversity and volume of operating systems that need to be managed centrally.