Sean Martin, founder of imsmartin consulting, spoke to
many individuals at the recent RSA 2012 conference. Sean mentioned in his
recent article titled “Are
security basics getting lost under the cover of cloud and mobile?” that
there were numerous topics discussed but he noticed three topics being raised
more than others: passwords, identities, and privileges.
“Most organizations take
steps to remove admin-level access and elevated privileges from standard user
accounts. But admin privileges often get granted to additional users over time
as a way to allow them to install printer drivers, launch system-level
applications, and perform other business-enabling actions on their own without
IT help desk involvement,” said Sean Martin.
Viewfinity is seeing that most organizations are victims
of “privilege creep” – a situation where privileges are locked down initially
and are increased over time. Businesses should follow the basics of managing
account privileges on a granular level, controlling access based on need, time,
application, location and more.