December 22, 2010, 9:35 PM — This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
Let's face it. Individuals with malicious intent are constantly crafting new ways to penetrate your IT environment. One of the most pervasive security threats today is the internal user with excessive privileges and access to critical data. According to the Verizon 2010 Data Breach Investigations Report, 48% of data breaches are caused by insiders, and of those incidents, 90% are the result of deliberate and malicious activity.
Small IT teams are tasked with maintaining business services (often dependent on Active Directory), enforcing secure administration practices, and rapidly responding to time-consuming user requests (Gartner, 2010).
The breadth of requirements puts already resource-constrained IT organizations under additional pressure to make contextual decisions about the validity of users' requests when, in reality, only asset owners have the context necessary to make those decisions. As a result, many employees, contractors and partners end up with access to more data than they need to perform their assigned jobs. It is this excess access that creates an increased risk that organizations cannot tolerate.
Solutions, processes and resources exist to help you reduce organizational risk, manage identities appropriately and maintain services, all within your allotted resources. As the role of Active Directory evolves and it becomes a central component of your infrastructure, consider the following steps to improve your security posture and your ability to keep the business productive.
* Implement and enforce controls. Active Directory natively lacks the administrative controls necessary to maintain a secure environment. As such, organizations should seek to implement a solution that provides a granular separation of administrative duties. By granularly controlling access, you can more easily ensure that users with elevated privileges are granted access only to data that is relevant to their job.
* Automate detection and remediation of unauthorized change. Your ability to reduce risk in your organization depends on your awareness that an event has occurred, coupled with your ability to remediate or roll back the change. Automating event detection and notification significantly reduces your risk exposure because you learn more quickly that an unauthorized change or access has occurred. Knowing an event has occurred is the first step in reducing risk. The next step is to determine whether you approve of the activity or need to remediate the change.