
10.18.07
Insiders And The Risky Business Of Security
By David Utter
One person with an administrator password and access to critical systems can cause chaos within a business.
The time has arrived to crack down before something really sensitive gets compromised.
Back in September, a simulated remote attack on an electrical generator left the machine a smoldering wreck.
With enough access to such critical systems, one person could cause a lot of damage.
Multiply that potential by the national power grid, and you get the kind of responses CNet cited from Rep. Jim Langevin (D-R.I.), who wants much more stringent controls and security standards for the nation's infrastructure.
On the topic of infrastructure, Xceedium CEO Cheryl Traverse said in a chat with SecurityProNews that the real threat comes from the high-risk users who can touch many parts of an enterprise system.
Administrators, developers, and anyone whose access rights cross systems and structures pose a risk.
Traverse claimed 86 percent of internal attacks come from insiders or outside people brought in and given too much access.
It's a situation that her company believes it can address through technology.
In this case, infrastructure virtualization will serve to compartmentalize what people can see in the system, limiting them to where they are authorized to be.
Traverse said the control takes place at the socket layer, so if an insider tries to jump from an authorized place to an unauthorized one, that access will be stopped.
Various tracking tools show what people do in the system.
Traverse noted that reporting functions will show that compliance with established policies is in effect, an important piece of the compliance puzzle for publicly traded firms in particular.
Corporate losses to insider actions should make Xceedium, and the competitors that will certainly follow, a business decision worth considering.
If the technology can work on a practical level as advertised, its benefits should outweigh the costs of implementation and ongoing monitoring needed to benefit from it.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.