Since the advent of the SuperUser, there has been a thorn in the side of Information Security. Administrators must be able to perform system management functions, but systems have been designed to grant them access far beyond what they actually need to do their jobs. As a result, IT has had to come up with crafty ways to limit who has access to privileged accounts and to the underlying data those accounts can reach. They have tried everything from password management, to keystroke logging, to change control procedures, to privileged user management (such as sudo, PowerBroker, etc.).
However, all of these approaches have focused on either “who” can become a privileged user or “how” they can access sensitive data. In essence, they’ve been missing the point, which is much more about what the privileged user is able to do with data.
If you are wrestling with how to mitigate negative outcomes from privileged user access to data (and attackers who wish to exploit privileged users), here are a few different methods to consider:
- Password Management – Create a process where privileged users must check out a password after going through an approval process, usually a change control system. (This prevents an individual admin from simply jumping into the system at will, but it does not control what they can do once in, nor does it help if a vulnerability in the system is abused.)
- Privileged User Management – Tools like sudo can be used to control who can run which commands as a privileged user (e.g. jsmith may run mount as root to mount file systems). This restricts individual admins to a limited set of commands, but the sudo configuration is still managed by a full root user, and it does not control access to data once someone is root.
- Keystroke Logging – Commonly used to watch what an individual does on a system, but it is widely regarded as a very cumbersome method.
- Data Firewalling – A tool like Vormetric Data Firewall is an effective last line of defense because it employs a separation of duties from data, all driven by policy. It uses transparent encryption (failsafe), integrated key management (no keys known to individuals), and a criteria-effects rule set to only allow approved users/processes to access data. This can be used to allow the business application to see its data, while the administrator sees only ciphertext, if anything at all. This means that admins can be monitored and limited in their access to data, while still being able to perform needed tasks.
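As an added illustration (not code from the original post, and not Vormetric's product), here is a small Python model of the criteria-effects approach in the last item above: a rule set keyed on user, process and action decides whether a reader gets plaintext, ciphertext only, or nothing, and the key lives with the enforcement layer rather than with any person. Unlike the sudo case, which limits which commands an admin may run, the decision here is about the data itself, so root with a shell is treated differently from root running the backup tool. The policy, account names, paths, sample record, key and the SHA-256 keystream cipher are all constructed stand-ins.

```python
"""Added illustration: policy-driven data access where the rule, not the OS
user, decides what a privileged reader sees (plaintext, ciphertext, nothing).

Stand-in code, not Vormetric's product. The keystream cipher below is an
illustrative XOR construction (SHA-256 as a per-block PRF), used only so the
example runs offline; it is not a production cipher.
"""
import hashlib
from dataclasses import dataclass

PERMIT = "permit"                        # decrypt and return plaintext
PERMIT_CIPHERTEXT = "permit_ciphertext"  # return stored bytes, no key access
DENY = "deny"


@dataclass(frozen=True)
class Rule:
    """Criteria (user, process, action) and the effect applied on a match.
    "*" in a criteria set matches anything."""
    users: frozenset
    processes: frozenset
    actions: frozenset
    effect: str


def _match(allowed, value):
    return "*" in allowed or value in allowed


def evaluate(policy, user, process, action):
    """First matching rule wins; no match means deny (default-closed)."""
    for rule in policy:
        if (_match(rule.users, user) and _match(rule.processes, process)
                and _match(rule.actions, action)):
            return rule.effect
    return DENY


def _keystream(key, length):
    """Illustrative keystream: SHA-256 over key || block counter."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return out[:length]


def transform(key, data):
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


class GuardedFile:
    """A file whose bytes are held encrypted; the policy decides whether a
    reader gets plaintext, ciphertext, or an error, and every decision is
    recorded for monitoring."""

    def __init__(self, policy, key, plaintext):
        self._policy = policy
        self._key = key            # held by the enforcement agent, not a person
        self.stored = transform(key, plaintext)
        self.audit = []            # (user, process, action, effect)

    def read(self, user, process):
        effect = evaluate(self._policy, user, process, "read")
        self.audit.append((user, process, "read", effect))
        if effect == PERMIT:
            return transform(self._key, self.stored)
        if effect == PERMIT_CIPHERTEXT:
            return self.stored
        raise PermissionError(f"{user} via {process}: read denied by policy")


# Constructed policy: the application service account, running its own
# binary, gets plaintext; root running the backup tool gets ciphertext so
# backups work without exposing data; everyone else (root with a shell
# included) is denied.
POLICY = [
    Rule(frozenset({"appsvc"}), frozenset({"/opt/app/bin/server"}),
         frozenset({"read", "write"}), PERMIT),
    Rule(frozenset({"root"}), frozenset({"/usr/bin/rsync"}),
         frozenset({"read"}), PERMIT_CIPHERTEXT),
    Rule(frozenset({"*"}), frozenset({"*"}), frozenset({"*"}), DENY),
]

SECRET = b"card=4111-1111-1111-1111;name=J. Smith"   # constructed sample data
KEY = b"constructed-demo-key-not-for-real-use"       # constructed sample key


def demo():
    """Returns what each reader sees plus the audit trail."""
    f = GuardedFile(POLICY, KEY, SECRET)
    app_view = f.read("appsvc", "/opt/app/bin/server")
    backup_view = f.read("root", "/usr/bin/rsync")
    try:
        f.read("root", "/bin/cat")
        shell_view = "permitted"
    except PermissionError:
        shell_view = "denied"
    return app_view, backup_view, shell_view, f.audit


if __name__ == "__main__":
    app, backup, shell, audit = demo()
    print("app sees:   ", app)
    print("backup sees:", backup.hex())
    print("root shell: ", shell)
    for entry in audit:
        print("audit:", entry)
```

The ordering matters: rules are evaluated first-match with a trailing deny, so adding a narrow permit for a new process never widens access for anyone else, and the audit list gives the monitoring that keystroke logging tries to provide without recording every command.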
When looking to mitigate and control your privileged users so that you can keep your organization out of the media headlines around data breaches, the best method is almost always to address the problem at its root: the data itself. By taking an “inside-out” approach to security and focusing on the end goal of data first, you can deliver a much more refined, and secure, solution.