Menu
​Exposed and under threat - Why haphazard processes are harming local businesses

​Exposed and under threat - Why haphazard processes are harming local businesses

“Privileged accounts really are the ‘keys to the kingdom,’ but…”

Organisations in Australia and New Zealand - similar to the global market - have haphazard processes for managing administrative or other privileged accounts, making businesses vulnerable to security breaches.

Responses from a Dell-commissioned survey - including IT professionals from the US, UK, Germany, Australia and New Zealand - claims that nearly 80 percent of respondents have a defined process for managing privileged accounts, but are not diligent about following it.

In fact, almost 30 percent still use manual processes such as Excel or other spreadsheets to manage privileged accounts.

Not only are these manual processes prone to error and easily compromised, warns the tech giant, they impede quick resolution in time-critical situations.

“Privileged accounts really are the ‘keys to the kingdom,’ which is why hackers seek them out and why we’ve seen so many high-profile breaches over the past few years use these critical credentials,” says John Milburn, Executive director and general manager, Identity and Access Management, Dell Security.

“To alleviate this risk and ensure these accounts are controlled and secured, it’s absolutely crucial for organisations to have a secure, auditable process to protect them.

“A good privileged account management strategy includes a password safe, as well as least-privileged control to protect organisational assets from breaches.”

According to Milburn, 83 percent of survey respondents face many challenges with managing privileged accounts and administrative passwords, ranking the following as the top three most critical privileged account management (PAM) challenges facing their organisations:

  • Default admin passwords on hardware and software are not consistently changed (37 percent)
  • Multiple admins share a common set of credentials (37 percent)
  • Inability to consistently identify individuals responsible for administrator activities (31 percent)

Although more than 75 percent have a defined process for changing the default admin password on hardware and software as new resources are brought into the organisation, Milburn claims that only 26 percent change admin passwords monthly on mission critical systems and devices.

For Milburn, such a ack of well-defined password and reporting practices present challenges.

“Survey respondents identified delegation (the ability to implement a least-privileged model of admin activity, in which admins are given only sufficient rights to do their job) and password vaulting (the ability to automate storage, issuance and changing of administrative credentials) as the administrative or privileged account management practices most critical to their organisations,” he adds.

“However, less than half say they have a regular cadence of recording, logging or monitoring administrative or other privileged access.

“The lack of a standard, enforced approach, coupled with a multitude of software tools and manual processes for managing privileged accounts, makes the business susceptible to hackers, and exposes corporate data to possible breach.”

Prevention of both breaches and insider attacks has become a major driver for the adoption of PAM solutions, Milburn claims.

According to a recent Gartner "Market Guide for Privileged Access Management" report, "adoption of PAM products by organisations is often partial, leaving gaps that translate to risk."

It notes that "prevention of both breaches and insider attacks has become a major driver for the adoption of privileged access management (PAM) solutions, in addition to compliance and operational efficiency.

"And by 2017, more stringent regulations around control of privileged access will lead to a rise of 40 percent in fines and penalties imposed by regulatory bodies on organisations with deficient PAM controls that have been breached."

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags DellCloudsecuritybig dataData Centre

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments