Recently our own Paul Christman, President & CEO of Quest’s Public Sector Group published an article to USA Today. In the article, Paul discusses the challenges that the US federal government faces on a daily basis with regard to cyber-attacks. In fact, in 2012, the federal government reported nearly 140 attacks per day. And that’s just was reported.
Paul goes on to recount some of the security incidents that have afflicted the federal government including the lack of audit capabilities at the USPS. Beyond what Paul reports and even more recently, the IRS had an issue (well, let’s be candid, they have had myriad issues lately) in that they unwittingly exposed tens of thousands of Social Security numbers.
As a result of these attacks, President Obama issued an executive order referred to as the Open Data Initiative. Much has been written about this order so I will not go into the details here. If you want to learn more, I recommend you start with a blog written by my colleague, Jamie Manuel.
Finally, Paul goes on to highlight how one strategy that the government suggests for preventing security incidents is to have a strong Identity and Access Management program in place. And think about – many of these security incidents happen because an account – a single account – is compromised. If that account is locked down on the inside, meaning that whoever uses that account is strictly limited in the data that the account can access, then the risk is mitigated.
I know what you’re thinking, “that’s great for accounts owned by the new sales rep or someone working on the factory floor where they can only access email and a few minor apps. What about more powerful accounts like administrative accounts?”
The government recommendations actually take this into account as well. They recommend ensuring that those accounts (heck, all accounts) have a “least privilege” model. That means that each of those accounts should be strictly limited in what they can actually do. If a junior admin has been instructed to only reset print queues, don’t give that person an account that can reset the box. Many OSes do not have this capability natively, but there are third party products to solve this problem which in turn will solve a great number of security issues being faced by the US government – and enterprises around the world – every day.
Please take a moment to check out Paul’s article which was posted just yesterday (July 11, 2013) on the USA Today website.