
The Case for Privileged Access Control


Another day, another big data leak. Do you have a minute? Let's talk a bit about basic security and how even the “big guys” can have it wrong.

From your first days as a young IT professional, you hear the mantra that login credentials (username, password, etc.) should never be shared or written down in plain text (Hello, TickeTek!!). So why do we keep seeing these things in workplaces? Network passwords shared on sticky notes, handwritten on walls, displayed on big monitors for the sake of convenience…

The answer: unfortunately, this is quite a common practice and, worse, it comes from bad decision making.

The Weakness Stand

According to a report from Centrify, "State of Corporate Perimeter", about 50% of USA and 1/3 of UK leaders believe it is easy for someone with old passwords to log in to company systems.

Even though most companies have an off-boarding process for contractors, it can take up to a week to completely sanitize access rights and passwords to all the sensitive data once handled by those individuals. One week is enough time for anyone with ill intentions to go back and hack into systems. And that isn't a rare incident.

Privileged Accounts: Free as in Free Beer

It gets worse. The report revealed that privileged accounts for systems and network devices are being shared without any policies to protect them. 40% of U.K. IT leaders working for big companies (over 500 employees) said more than 10% of their staff have privileged access to data in some form.

This number jumps to 50% for small and mid-sized companies (fewer than 500 employees). Too many people have too much unnecessary power in their hands, and we are talking about access to confidential and highly sensitive information. Rightly so, 62% of U.S. IT leaders believe their companies have too many privileged users. Look at this: Security Auditors guess Australian government database passwords on first attempt! That's shocking!

Cultural Differences?

Now, one thing to consider: this report was done with 200 companies in the USA and 200 in the UK. One might think that a more liberal economy would pose a bigger risk to IT security systems. The truth is, it does not. The overall pattern is consistent across all groups in both countries. For example, around 50% of all companies involved in the study confirmed that they had had a data breach. And the bad guys are out there like sharks, ready for the taking.

A Backup Always Works, The Restore Is What Fails

Almost all companies have some sort of identity keys in place, but nearly half of them have monitoring, auditing or privileged identity management in place. Quite surprisingly, 1/3 of these companies don't have employees trained to respond to a data breach or in how the accounts are used. Accounts are simply handed to folks, who are trusted to do good with them. No wonder so many breaches happen.

The Disaster is a Decision

Oftentimes we hear that a disaster is a series of small events that lead to a big event. It is very surprising that experienced senior managers and leaders in this day and age are still following bad decision-making frameworks while admitting they need to do a better job with their data. The quote "When a data leak happens, it is probably your fault" is becoming more alive than ever.


How To: SQL to Calculate Average of non-Zeroes from a List of Values

I don’t do much coding these days but here’s one I’ve done recently and thought about keeping it for future reference :)

For a list of values, how to calculate the average only using the ones which are non-zeros?


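CREATE FUNCTION dbo.fn_AverageNonZeroes
(@para int, @parb int, @parc int, @pard int, @pare int)
RETURNS DECIMAL(18,2)
AS
BEGIN
    -- DECIMAL(18,2) instead of DECIMAL(4,2): the narrower type raises an
    -- arithmetic overflow as soon as an input or the sum reaches 100.
    DECLARE @average DECIMAL(18,2)

    DECLARE @a DECIMAL(18,2)
    DECLARE @b DECIMAL(18,2)
    DECLARE @c DECIMAL(18,2)
    DECLARE @d DECIMAL(18,2)
    DECLARE @e DECIMAL(18,2)

    SET @a = CONVERT(DECIMAL(18,2), @para)
    SET @b = CONVERT(DECIMAL(18,2), @parb)
    SET @c = CONVERT(DECIMAL(18,2), @parc)
    SET @d = CONVERT(DECIMAL(18,2), @pard)
    SET @e = CONVERT(DECIMAL(18,2), @pare)

    -- Test for non-zero (not only positive) values so that negative inputs
    -- are averaged too; this also guards the division below against zero.
    IF @a <> 0 OR @b <> 0 OR @c <> 0 OR @d <> 0 OR @e <> 0
        -- Sum of all values divided by the count of non-zero values
        SELECT @average = (@a + @b + @c + @d + @e)
             /
             (0 +
             CASE WHEN @a = 0 THEN 0 ELSE 1 END +
             CASE WHEN @b = 0 THEN 0 ELSE 1 END +
             CASE WHEN @c = 0 THEN 0 ELSE 1 END +
             CASE WHEN @d = 0 THEN 0 ELSE 1 END +
             CASE WHEN @e = 0 THEN 0 ELSE 1 END
             )
    ELSE
        SELECT @average = 0.0

    RETURN @average
END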
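
A set-based variant of the same calculation, added here as an example and not part of the original post: it goes beyond the five-parameter case by averaging any number of rows per group, relying on AVG() skipping NULLs once NULLIF() has turned zeroes into NULL. The table variable @readings, its columns sensor and reading, and the sample rows are constructed for illustration.

```sql
-- Constructed sample data (hypothetical names): one row per reading,
-- where 0 means "no reading" and must not count towards the average.
DECLARE @readings TABLE (sensor VARCHAR(10) NOT NULL, reading INT NOT NULL);

INSERT INTO @readings (sensor, reading) VALUES
    ('A', 10), ('A', 0), ('A', 20), ('A', 0), ('A', 30),  -- mix of zeroes and non-zeroes
    ('B', 0),  ('B', 0),                                  -- only zeroes
    ('C', -5), ('C', 0), ('C', 150);                      -- negative value and value above 99

SELECT
    sensor,
    -- COUNT(expression) ignores NULLs, so this is the number of non-zero readings.
    COUNT(NULLIF(reading, 0)) AS non_zero_count,
    -- NULLIF turns 0 into NULL and AVG skips NULLs, so only non-zero readings
    -- are averaged. Converting to DECIMAL first avoids integer division.
    -- COALESCE maps the "all zeroes" case (AVG over no values = NULL) to 0,
    -- matching the ELSE branch of dbo.fn_AverageNonZeroes.
    CONVERT(DECIMAL(18,2),
            COALESCE(AVG(CONVERT(DECIMAL(18,2), NULLIF(reading, 0))), 0)
    ) AS avg_non_zero
FROM @readings
GROUP BY sensor
ORDER BY sensor;
```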


I am Speaking at the Collab365 2016 Event

Once again I got confirmed as a speaker for the Collab365 Conference. This is one of the coolest conferences around from the people organizing it to the folks participating online. A single session can easily reach thousands of people, so you can imagine my excitement. And as a plus, it is always great being at Microsoft HQ in Redmond. Also a good time to reconnect with folks from the Office 365 team in their offices. (*cough*also visit the Microsoft store*cough*)

My session is, as usual, around Office 365 Compliance and Data Protection, and it is called: "Office 365 eDiscovery: DLP for your Business and Your Data".

Join the Collab365 Summit and watch the sessions. There is an incredible number of brilliant minds and souls behind this event, doing this for the community at large.

Where Can You Get More Information and Watch the Sessions?

Go to http://collab365.events/collab365-summit-2016/. You can also follow @Colla365 on Twitter and the hashtag #Collab365.

Also, who doesn’t love an opportunity to visit Microsoft Headquarters in Redmond :)
