Thales Blog

Why Privileged User Controls Are Central To Thwarting APTs

June 6, 2013

Let's face it: perimeter security is failing, and failing fast. Every week, it seems, we're reading about yet another major corporation, defense contractor or government agency that has become the latest victim of an Advanced Persistent Threat (APT). Today's APTs are both sophisticated and patient, getting inside the target's network and sitting there for weeks, months or even years, accessing and ultimately stealing valuable data.

Now, it's clear that servers are the primary targets and the best way to get at the data on those servers is by compromising the accounts of privileged users in the organization. Many people mistakenly assume that privileged users are the C-level executives, like the CEO and CFO. While those users do see sensitive data on a regular basis, the best targets for cyber criminals lie further down the food chain; it's folks like network administrators, database administrators, sys admins and root users that represent the biggest potential gain for cyber criminals. And, for organizations wanting to embrace cloud technologies, cloud administrators represent yet another attack vector. Why? Because they have access to cloud-hosted data and systems as part of maintaining and supporting their customers’ data (and potentially YOUR data, if either your organization or your partners/suppliers are embracing cloud technologies).

Clearly, the risks to sensitive data are multiplying at a dizzying rate and that's not going to change any time soon. Fortunately, once you've identified who your privileged users are (who ALL of them are), there are ways to manage your risk — namely by reducing the attack surface through encryption, fine-grained access controls and detailed auditing and reporting. Separation of duties and deploying new technologies that restrict privileged user access to data are key for organizations because while you need to provide users and applications with the ability to see sensitive data based on policy, at the same time you must shield that information from the accounts of the administrators managing the infrastructure and systems.

One of the biggest advantages Vormetric's data security platform provides is the ability to put in place fine-grained access controls, permitting privileged users to see what they need to get their jobs done, but not have unfettered access to sensitive data. We call this Vormetric Data Firewall™ and it protects sensitive data at the source. Obviously, CFOs should have access to sensitive financial data in spreadsheets, but a system administrator with root access to the system holding that spreadsheet should not. The sys admin Peter Drucker once said, "Rank does not confer privilege or give power. It imposes responsibility." Data security is no longer an IT problem; it's a big business problem (arguably the #1 business problem). It's time for those in the highest ranks of business and government to shoulder their responsibilities to shareholders, customers and citizens by taking proactive measures — and this includes proactively protecting privileged user accounts — before APTs cause serious financial or reputational damage.