Industry Research : Latest IT Security Survey Highlights Need for IT Security Safety Net
Commenting on a survey that found barely 39 per cent of workers follow IT security policies in the workplace, Avecto says that this proves the need for privilege identity management technology on company computer systems.
According to Paul Kenyon, chief operating officer with the Windows privilege management provider, the results of the survey by Avira –which took in responses from almost a thousand users of the IT security vendor’s software – show that the education message still has some way to go in the workplace.
"Turning this survey on its head means that more than 60 per cent – approaching two thirds of employees – either partially or completely ignore security policies, despite a continuing surge in malware, phishing and all manner of hacker attacks," he said.
"Short of going around with a pointy stick and prodding staff when they make a mistake on the governance front – which isn’t very legal or morale-boosting in the modern business environment – IT managers clearly need to use a safety net of some sort," he added.
And this, the Avecto COO says, is where privilege identity management comes into its own, as it provides a wide range of security safeguards that stop employees from doing something that goes against corporate security policies.
There are, Kenyon explains, a variety of security policy enforcement technologies available, but they can never be 100 per cent effective, especially where human behaviour creates a previously unforeseen set of circumstances that allows malware - or cybercriminals - to creep on to the company IT systems.
And this is before, he says, we even start to look at the issue of multi-vectored and hybridised security threats, the latest incarnation of which has been classed as APTs, short for advanced persistent threats.
As we now know that APTs were responsible for the widely-reported attack on RSA’s systems earlier this year, he adds, it is clear that conventional security cannot defend against all threats.
"If, however, we are able to ring-fence the most powerful accounts within the IT infrastructure of an enterprise, least privilege will ensure that any damage can be minimised - even if the security of the systems is compromised by an employee’s actions, no matter how it was caused," he said.
"This, in a nutshell, stops any data breaches occurring through the use of privileged accounts. It’s also worth noting that the management of privileged identities can be automated to follow pre-determined or customised policies and requirements for the organisation concerned," he added.
"Against a backdrop of staff being asked to do more with less – whilst also being under greater workloads – as this survey clearly shows, privileged identity management is a very powerful tool. More powerful than a pointy stick and much more legal."
Today's Tip of the Day - Continuous Improvement
More Editorial From Avecto
Published: Tuesday, November 8, 2011