Getty Images

Sponsor Content

Architecture lines under the bridge, Elevated expressway,The curve of bridge in Bangkok, Thailand.

Are Your Duties Segregated?

Written by AT&T Cybersecurity Guest Blogger
December 18, 2019

Organizations sometimes forget to segregate—or separate--duties. It’s a dangerous information security oversight.

Segregation of duties is a fundamental information security practice. In simple terms, it means you split out important tasks between two or more people. This prevents one person from getting drunk on all the power they wield, and also prevents one person from making a mistake that can have undesired consequences.

One of the best examples of segregation of duties can be seen in movies when it comes to launching nuclear missiles. The system relies on two people on opposite sides of the console to put in and turn their keys at the same time. This segregation, or separation, of duties ensures that one person can’t launch a nuclear missile on his or her own.

Segregation of duties works best when there is a clearly defined function and where there is some physical separation.

For example, in a call center or banking app, a junior administrator may be able to authorize payments up to $500, but anything above that would need supervisor’s approval. The junior admin can enter details and send them off to the supervisor, who can then approve or decline payment.

But, in many cases, the broader application can sometimes have some flaws.

In one of my first jobs in IT security, our team implemented a process for separating duties whenever a new HSM key (key change ceremony) needed to be loaded.

I worked on a team that had one half of the password to complete this task, while another team held the other half. Much like the end of the film “Bulletproof Monk,” I even had my half of the password tattooed on my back. (I still don’t know what it says to this day.)

Once a project was underway, I’d have to travel across the country to the data center with my half of the password in order to change the key with the help of a colleague.

The only problem with that was … Have you ever worked on a project? They’re never on time–always delayed. And data centers are cold!

One time I sat in a data center with another guy who was clearly more experienced than I with this kind of thing. He was sitting under a blanket he’d brought, reading his book and

Page 1
Page 2

From the Industry

Sponsor Content

Are Your Duties Segregated?

Leave a comment Cancel reply

Galleries

Image Gallery: Check Point Software CPX 360 Featuring FireMon, Silver Peak, AT&T

From the Industry

To Address Cloud Security Challenges, Simplify and Unify

Ingram Micro Commerce & Lifecycle Services Is Named a Top 3PL for the Fifth Consecutive Year

Expert Insights on 8 Cybersecurity Trends for 2020

Webinars

Turning Customers Into Partners with Co-Managed IT Services

It’s That Time Again — Welcome to the 2020 MSP 501!

White Papers

2020 Outlook for IT Solution Providers: Growth in Edge Computing, AI, and More

Backup and Recovery: Growing Opportunity for IT Solution Providers

When Digital Transformation Equals Digital Disruption

Events

Channel Partners Conference & Expo

Channel Partners Evolution

Channel Evolution Europe

Videos

We Are a #501er!

FASTCHAT: Why an MSP Needs to Extend Detection and Response Beyond Endpoint Security

Ingram Micro: It’s Up to Our MSP Partners to Keep Clients ‘Out of the Headlines’

Twitter

From the Industry

Sponsor Content

Are Your Duties Segregated?

Related

Leave a comment Cancel reply

Related Content

Galleries

Image Gallery: Check Point Software CPX 360 Featuring FireMon, Silver Peak, AT&T

From the Industry

To Address Cloud Security Challenges, Simplify and Unify

Ingram Micro Commerce & Lifecycle Services Is Named a Top 3PL for the Fifth Consecutive Year

Expert Insights on 8 Cybersecurity Trends for 2020

Webinars

Turning Customers Into Partners with Co-Managed IT Services

It’s That Time Again — Welcome to the 2020 MSP 501!

White Papers

2020 Outlook for IT Solution Providers: Growth in Edge Computing, AI, and More

Backup and Recovery: Growing Opportunity for IT Solution Providers

When Digital Transformation Equals Digital Disruption

Events

Channel Partners Conference & Expo

Channel Partners Evolution

Channel Evolution Europe

Videos

We Are a #501er!

FASTCHAT: Why an MSP Needs to Extend Detection and Response Beyond Endpoint Security

Ingram Micro: It’s Up to Our MSP Partners to Keep Clients ‘Out of the Headlines’

Twitter