PRIVILEGED USER ACCESS CONTROL

Vormetric Data Security Use Cases

Guarding Against the Risks Posed by Privileged Users and Compromised Credentials

The Challenge

Over the course of the past few decades, computing architectures, security approaches, and security threats have all changed radically. However, over that time, a common security gap has persisted: the risks posed by administrative access privileges.

In order to carry out their responsibilities, administrators need the permissions required to execute such tasks as software installation, system configuration, user permission management, resource allocation, and more. Through this access, administrators virtually always also have access to the data and services that run on the systems they manage. Further, teams of administrators have often shared their administrative credentials. While this facilitated easier distribution of workloads, it also made it difficult to assign specific activities to a specific individual—and so to hold anyone accountable for a policy violation or breach.

While this security gap is nothing new, it is one that has grown increasingly critical to address. In recent years, virtually all servers and equipment an organization relies on have grown increasingly interconnected, both with other internally managed systems and with external networks and equipment. With the increasing adoption of virtualization, cloud services, and big data implementations, new layers of administration—and of administrative privileges—are also added, potentially expanding the risk.

Administrative privileges have left many organizations exposed to these threats:

  • Insider abuse. It is often easy for malicious insiders to abuse their privileges, whether to make money or sabotage the business. These risks are exacerbated in the cloud, where organizations may be exposed to the threat of their own administrators, as well as those of the cloud provider.
  • External attacks. Administrative privileges represent a vital asset, and one that is increasingly targeted by external attackers. For example, an advanced persistent threat (APT) attack may use social engineering tactics to gain one administrator’s credentials, and use that as a launching point to access and exploit other systems and services.

The Solution: The Vormetric Data Security Platform

With the Vormetric Data Security Platform, organizations can gain the comprehensive, robust, and granular controls they need to guard against the abuse of privileged user access. The Vormetric Data Security Platform consists of several product offerings that share a common, extensible infrastructure. The solution features capabilities for data-at-rest encryption, key management, privileged user access control, and security intelligence. Through the platform’s centralized policy and key management, customers can address security policies and compliance mandates across databases, files, and big data nodes—whether they’re located in the cloud or in virtual or traditional infrastructures.

The Vormetric Data Firewall enables privileged users to do their jobs and never see protected data

The Vormetric Data Security Platform delivers a range of critical capabilities that protect against the abuse of privileged access controls:

  • Separation of privileged users and sensitive user data. With the Vormetric Data Security Platform, administrators can create a strong separation of duties between privileged administrators and data owners. The Vormetric Data Security Platform encrypts files, while leaving their metadata in the clear. In this way, IT administrators—including hypervisor, cloud, storage, and server administrators—can perform their system administration tasks, without being able to gain access to the sensitive data residing on the systems they manage.
  • Separation of administrative duties. Strong separation-of-duties policies can be enforced to ensure that one administrator does not have complete control over data security activities, encryption keys, or administration. In addition, the Vormetric Data Security Manager supports two-factor authentication for administrative access.
  • Granular access controls. In addition to encryption and key management, the solution can enforce very granular, least-privileged user access policies, enabling protection of data from misuse by privileged users and APT attacks. Granular policies can be applied by user, process, file type, time of day, and other parameters. Enforcement options are equally granular; they can be used to control not only permission to access clear-text data, but also which file-system commands are available to a user.
  • Secure, reliable, and auditable key management. The solution provides extensive audit capabilities that can be used to report on all activities relating to key usage, including key generation, rotation, destruction, import, expiration, and export.
  • Detailed security intelligence. The Vormetric Data Security Platform provides detailed logs that specify which processes and users have accessed protected data. The detailed logs specify when users and processes accessed data, under which policies, and if access requests were allowed or denied. The logs will even expose when a privileged user submits a command like “switch user” in order to attempt to imitate, and potentially exploit, the credentials of another user. Sharing these logs with a security information and event management (SIEM) platform helps uncover anomalous patterns in processes and user access, which can prompt further investigation. For example, an administrator or process may suddenly access much larger volumes of data than normal, or attempt to do an unauthorized download of files. These events could point to an APT attack or malicious insider activities.

CUSTOMER QUOTE

 With commercial tools, such as Vormetric, you can actually give certain people certain access without root-level privileges. You can encrypt your data in storage to set up roles of who actually gets to see the data. The admins can do their jobs, and they don’t get access to any data files. 

Robert Bigman,
former CISO at the CIA
GovInfoSecurity – June 21, 2013
