Vormetric : Organisations Struggling Against Insider Threat

A new study suggests that most organisations do not block privileged users from access to sensitive data

One of the biggest data breaches of all time occurred not by a malicious external actor, but by IT contractor Edward Snowden, who was able to take privileged information from the National Security Agency (NSA). And the fact that an insider such as Snowden had access is not a problem unique to the NSA, according to a new study sponsored by security firm Vormetric.

“One of the big revelations in the survey is that 73 percent of respondents said they don’t block privileged users from access to sensitive data,” Vormetric chief executive Allan Kessler told eWEEK.

Insider threat

The Vormetric-sponsored study was conducted by Enterprise Strategy Group and surveyed 700 IT security decision makers. Fifty-four percent of the survey respondents also indicated that it is now more difficult to protect against an insider threat than it was two years ago. There are several reasons for this, according to Kessler, among them being the growing use of cloud computing and virtualisation.

Intenret email security @ padlock © nobeastsofierce ShutterstockContractors are also a particular challenge. Kessler noted that Snowden was a contractor and he had tremendous access to data.

“The fundamental problem is that the folks that have access to manage an internal system have incredible amounts of privileges,” Kessler said.

He added that system administrators need to have privileged access to be able to manage servers and big data stores.

“However, very few organisations realise that they can keep privileged users from seeing data and still allow them to do their job,” Kessler said.

The growing use of the cloud exacerbates the issue of privileged users. Kessler noted that when an enterprise puts its workloads in the cloud, those same privileged users can also see data and can potentially do damage.

The idea of role-based access control (RBAC) is one that has existed for decades in IT and still serves a core role in security information.

Policy-based approach

In the modern era, Kessler noted, the traditional network perimeter has disappeared and it is increasingly difficult to prevent bad actors from getting into an organisation. The real question for Kessler is not about preventing attacks, but about reducing the attack surface and minimising the risk from exploitation.

“Having a policy-based approach that protects the data can significantly reduce the attack surface,” Kessler said. “Using policy to determine who can see the data is something in which we believe.”

There are some challenges with implementing proper policies for data protection, a key one being the fact that many organisations simply do not know that policy-based access can be implemented in the first place, he said. Encryption also plays a role in data protection.

There are multiple technology solutions to the problem; one of them is Vormetric’s Data Firewall.

“We have a data firewall that sits on top of the data and then talks to a policy manager,” Kessler said. “If anyone tries to access data on the server, the firewall checks to see if the user has the policy access to be able to see the requested data.”

The system has multiple layers such that the user could be granted access to see the metadata but not the complete data set. So if a user who is only authorised for metadata attempts to view privileged data, the privileged data is encrypted.

The data firewall can also control what a user is able to do with data. For example, a root system user can be limited in terms of the actions that can be taken.

“It’s a very strong control that can reduce the attack surface,” Kessler said.

Are you a security pro? Try our quiz!

Originally published on eWeek.