Europeans are being warned that lax administration of privileged IT users is threatening the security of their businesses.
Privileged users are often the weak link in the corporate security chain, despite their trusted positions, European companies were warned at the RSA security conference in London this week.
A survey of 270 medium and large European organisations, conducted by research company Quocirca on behalf of IT management specialists CA, found that organisations remain unaware of the risks posed by privileged users such as IT managers or senior management, due to poor management, inefficient manual processes and lack of awareness.
Somewhat alarmingly, 41 percent of supposedly ISO27001-compliant organisations admitted non-compliant practices such as sharing privileged user accounts. And despite the availability of privileged user management (PUM) systems, only 26 percent of European organisations surveyed have actually deployed them in full.
“While such access (privileged access) is necessary, it is most commonly managed on an ad hoc basis and, despite claims to pay heed to the requirements of regulators, requirements with regard to privileged users are often overlooked,” said Simon Godfrey, Director of Security Solutions at CA.
Godfrey warned that it was in the best interests of companies to have measures in place to control and monitor privileged users. “The deployment of PUM tools enables this and allows organisations to mature their use of PUM over time,” said Godfrey. “Privileged user management is key to compliance, to reducing risk exposure, and to protecting critical business applications.”
At the moment, it seems that in Europe 24 percent of organisations (29 percent in the UK) rely on forms of manual control for overseeing and controlling the actions of privileged users. But this is time-consuming, expensive, unreliable, prone to error and, most importantly, a process that cannot be audited.
The survey also revealed that controlling and monitoring the activities of privileged users is well down on the list of priorities for IT managers at the moment. Survey respondents ranked PUM below seven other actual security threats to the organisation including malware, the Internet, internal users, and Web 2.0 tools.
The survey also highlighted individual country differences. The French are the naughtiest in this regard, with 60 percent admitting they would most likely share administrator accounts between individual administrators, followed by Belgium (also 60 percent), and the Netherlands (53 percent). The UK scored 38 percent.