Fox Technologies (FoxT) has partnered with research firm Echelon One to identify the persistent threats and appropriate actions that enterprises need to be aware of when implementing effective server access controls within their organization. The extensive research performed by Echelon One revealed startling results and identified key best practices that can help organizations protect themselves against insider threats and the theft and misuse of intellectual property and customer data if their network is compromised.
One of the most surprising findings of the survey was that a startling majority of respondents, 59 percent, are using home-grown solutions (12 percent), sudo (10 percent), or manual enforcement of privileged user access and passwords (37 percent) to control access to enterprise servers.
Simply put, 59 percent of those surveyed are potentially exposing their respective organizations to insider fraud, corporate espionage, and nation-state-sponsored attacks through use of outdated or ineffective server access management control technologies. Manual enforcement of privileged user passwords allows users to take administrative shortcuts resulting in IT’s inability to track the actions of any specific user to an account enabling theft and misuse of intellectual property and customer data once the network is compromised.
Nevertheless, some 69 percent of organizations polled have recognized the risk of poor access management controls currently in place and are planning to pursue access management as a key strategic initiative for IT in 2012. A number that is sure to increase as organizations realize the real risk of improperly defined Enterprise Access Management solutions.
“The threats organizations face continue to become more aggressive and expose them to a range of losses from intellectual property, customer lists, strategic plans and trade secrets,” said Bob West, CEO and founder of Echelon One. “Failing to control access to mission critical servers and data creates both economic and national defense issues we need to address immediately.”
Organizations need to take necessary steps to enforce granular authentication and authorization now, before more targeted and complex compromises affect IT’s ability to protect intellectual property and other critical electronic assets stored on servers and IT subsystems. With the enterprise’s brand and bottom line at stake, the path to protect those assets lies with properly implemented EAM solutions, as well as the understanding of the shortcomings of in place solutions, the adoption of best practices and the constant awareness of enterprise threats from both internal and external sources. The risk illuminated by this research has far reaching consequences for enterprise security management. As enterprise breaches become more sophisticated, the potential for successful compromises by insiders, rival corporations, and governments increases without proper server access controls in place. Failing to secure contextual authentication and authorization to critical data, and control elevation to privileged accounts without sharing passwords, can easily result in scenarios where rival corporations are able to access product development plans, patents, and engineering data and win the race to a competitive market offering. The ramifications of these scenarios pose huge financial threats to the enterprise in the near and short term once intellectual property is compromised.
Find the full report in PDF below.