User access rights and security privileges in the enterprise are out of control. So says security software vendor BeyondTrust, which released a survey this week to demonstrate the extent to which employees can unnecessarily access potentially sensitive data and resources.

Christopher Tozzi, Contributing Editor

October 22, 2013

2 Min Read
Poor User Access, Privilege Controls Threaten Data Privacy

User access rights and security privileges in the enterprise are out of control. So says security software vendor BeyondTrust, which released a survey this week to demonstrate the extent to which employees can unnecessarily access potentially sensitive data and resources.

Titled, "Privilege Gone Wild," (which, in a different context, might conjure images of trust-fund children engaging in debauchery), the survey revealed several key points that likely will encourage IT admins to think more about how they handle user privileges:

  • 44 percent of employees have access rights that are not necessary to their current role.

  • 80 percent of respondents believe that it's at least somewhat likely that employees access sensitive or confidential data out of curiosity.

  • More than three-quarters of respondents say the risk to their organization caused by the insecurity of privileged users will increase over the next few years.

  • 54 percent of respondents at organizations with privilege-access controls in place said they could easily circumvent those controls, demonstrating the ineffectiveness of existing solutions.

That last point might be the most interesting of all, because it reveals that simply having some kind of user access policy in place—which is easy to do using the basic, default tools that are built into most modern software—is not enough to protect sensitive data. True security appears requires more than the simple protections of things such as  user accounts and internal firewalls.

BeyondTrust, which defines itself as "the security industry's only provider of Context-Aware Security Intelligence," is pitching the survey results as evidence of the need for comprehensive, policy-driven vulnerability and privilege management that is adapted to the particular importance and sensitivity (in other words, the "context") of a given resource or database. And in our age of ubiquitous leaks from internal sources, the company may be right. No one wants to be the next NSA.

The full results of the survey, which was based on responses from "265 IT decision-makers including security managers and network and systems engineers across a number of industries," are available on BeyondTrust's website.

Read more about:

AgentsMSPsVARs/SIs

About the Author(s)

Christopher Tozzi

Christopher Tozzi

Contributing Editor

Christopher Tozzi started covering the channel for The VAR Guy on a freelance basis in 2008, with an emphasis on open source, Linux, virtualization, SDN, containers, data storage and related topics. He also teaches history at a major university in Washington, D.C. He occasionally combines these interests by writing about the history of software. His book on this topic, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” is forthcoming with MIT Press.

See more from Christopher Tozzi
Free Newsletters for the Channel
Register for Your Free Newsletter Now
Subscribe

You May Also Like

Galleries
See all
Sep 16 - Sep 19, 2024
Join us for MSP Summit, September 16-19, 2024 in Atlanta, GA. You don't want to miss the industry’s most innovative and inspiring gathering of business leaders focused on growing their managed services businesses. This year’s MSP Summit will help attendees stay ahead of exponentially increasing security threats, expanding their range of services through a merger or acquisition and embrace a wide range of innovative new technologies. Get notified when registration opens.
Sign Up For Special Deal