Establishing controls for privileged access continues to be a focus of attention for organisations and auditors. Gartner, Inc. said that by 2018, 25 percent of organisations will review privileged activity and reduce data leakage incidents by 33 percent.
"Only less than 5 percent of organisations were tracking and reviewing Privileged Activity in 2015," said Felix Gaehtgens, research director at Gartner. "The remainder is, at best, controlling access and logging when, where and by whom Privileged Access takes place — but not what is actually done. Unless organisations track and review privileged activity, they risk being blindsided by insider threats, malicious users or errors that cause significant outages."
Prevention of both breaches and insider attacks has become a major driver for the adoption of privileged access management (PAM) solutions, in addition to compliance and operational efficiency. PAM is a set of technologies designed to help organizations address the inherent problems related to privileged accounts.
"IT organisations are under increasing business and regulatory pressure to control access to these accounts, which can be administrative accounts, system accounts or operations accounts," said Mr. Gaehtgens.
Gartner recommends that IT operations and security leaders use some best-practice approaches for effective and risk-aware privileged access management.
Inventory All the Accounts With Privileged Access and Assign Ownership
All privileged accounts in your IT environment that enjoy permission levels beyond those of a standard user should be accounted for. It is a security best practice to frequently scan your infrastructure to discover any new accounts introduced with excess privileges. "This becomes even more important for dynamic environments that change rapidly, such as those using virtualization on a large scale, or hybrid IT environments that include cloud infrastructure," said Gaehtgens. "Organizations should start by using free autodiscovery tools offered by some PAM vendors to enable automated discovery of unmanaged systems and accounts across the range of infrastructure — but even those autodiscovery tools will not find everything."
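The following added example, not taken from Gartner or any PAM product, shows the discovery-and-ownership check described above for a single Linux host: it lists accounts with UID 0, privileged-group membership or a sudoers rule, and reports those missing from an ownership inventory. The sample file contents, the INVENTORY mapping and the choice of sudo/wheel as privileged groups are assumptions constructed for illustration.

```python
# Constructed sample inputs in /etc/passwd, /etc/group and sudoers formats.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
backup:x:0:1001::/home/backup:/bin/sh
svc_deploy:x:1002:1002::/srv/deploy:/bin/bash
bob:x:1003:1003::/home/bob:/bin/bash
"""
GROUP = """\
sudo:x:27:alice
wheel:x:10:
"""
SUDOERS = """\
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
svc_deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app
"""
# Hypothetical inventory: privileged account -> accountable owner.
INVENTORY = {"root": "infra-team", "alice": "alice@example.org"}
PRIV_GROUPS = {"sudo", "wheel"}  # assumption: groups treated as privileged
# Non-rule sudoers lines; aliases and include files are not resolved here.
SKIP = ("#", "@include", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def privileged_accounts(passwd, group, sudoers):
    """Return {account: [reasons]} for accounts with more than standard rights."""
    found, members = {}, {}
    for line in group.splitlines():
        name, _, _, users = line.split(":", 3)
        members[name] = [u for u in users.split(",") if u]
    for line in passwd.splitlines():
        name, _, uid, *_ = line.split(":")
        if uid == "0":  # any UID 0 account is root-equivalent, whatever its name
            found.setdefault(name, []).append("uid 0")
    for g in sorted(PRIV_GROUPS):
        for user in members.get(g, []):
            found.setdefault(user, []).append(f"member of {g}")
    for line in sudoers.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith(SKIP):
            continue
        subject = tokens[0]  # "%group" expands to the group's listed members
        users = members.get(subject[1:], []) if subject.startswith("%") else [subject]
        for user in users:
            found.setdefault(user, []).append(f"sudoers rule for {subject}")
    return found

def unowned(found, inventory):
    """Privileged accounts with no assigned owner, sorted for stable reporting."""
    return sorted(account for account in found if account not in inventory)
```

On the constructed data, `unowned(privileged_accounts(PASSWD, GROUP, SUDOERS), INVENTORY)` reports the second UID 0 account and the service account with a sudoers rule, neither of which has an owner on record.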
Shared-Account Passwords Must Not Be Shared
The golden rule is that shared-account passwords must not themselves be shared. Sharing passwords, even among approved users, severely erodes personal accountability; preserving that accountability is a security best practice and is demanded by regulatory compliance. Not sharing passwords also makes it less likely that they will leak to others.
Minimize the Number of Personal and Shared Privileged Accounts
Eliminate, or at least drastically reduce, the number of users with (permanent, full) superuser privileges to the minimum that is consistent with operational and business needs. Migrating to shared privileged accounts is a recommended practice; however, this requires appropriate tools — managing the risks and control issues that arise from the use of such accounts is inefficient and complicated without a shared account password management tool.
Establish Processes and Controls for Managing the Use of Shared Accounts
Establish processes and controls for managing shared accounts and their passwords. While it is possible to use manual processes to manage privileged access, doing so is too cumbersome, and enforcing such practices is virtually impossible without specialized PAM tools.
IT operations and security leaders need to implement PAM tools to automate processes, enforce controls and provide an audit trail for individual accountability. These tools are mature, and provide efficient and effective password management for shared superuser (and other) accounts in a robust, controlled and accountable manner, enabling any organization to meet regulatory compliance requirements for restricted access and individual accountability.
Use Privilege Elevation for Users With Regular (Nonprivileged) Access
Administrators will typically have personal, nonprivileged accounts that they use for their day-to-day work, such as reading email, browsing the Web, accessing corporate applications, creating and reviewing information, and so on. "Never assign superuser privileges to these accounts, because these might exacerbate accidental actions or malware that can cause drastic consequences when used in a privileged environment," said Gaehtgens. "Instead, use privilege elevation to allow temporary execution of privileged commands."
Companies Aren’t Investing in Personalization: New Mindtree Study
A global, cross-industry study released today by Mindtree, a leading Digital transformation and technology services company, pinpoints personalization as the key driver that will help “phy-gital” consumers reach their ideal mix of online and offline shopping. It also reveals that while most companies are in transformation mode and consider themselves pioneers in adopting or investing in digital technologies, few are investing in personalization initiatives that consumers say will increase the depth and breadth of their shopping experience.
Key findings from the survey include:
· Consumers indicate that personalized promotions encourage them to buy products and services they have purchased before (78 percent), as well as relevant products and services they have never purchased (74 percent).
· Only 28 percent of the decision makers from companies surveyed globally say their organizations are investing significantly in personalization to improve the online purchasing experience, even though it has improved their online sales over the past 12 months for the majority (58 percent).
· Consumers expect their use of mobile apps for shopping to more than double in the next three years. While 6 percent of consumers said their preferred channel for making retail purchases as of 2015 was mobile apps, 15 percent said they expected mobile apps to be their preferred channel by 2018.
The study, “Winning in the Age of Personalization,” was commissioned by Mindtree and conducted by independent market research firm Vanson Bourne. It surveyed 6,000 consumers across three primary regions (U.S., Europe, and Asia/Pacific), as well as 900 decision-makers from companies spanning the retail and consumer goods, travel and hospitality, banking and insurance, and media and entertainment industries.
The survey also highlights some notable disconnects between what online features consumers desire and what features companies are investing in. As an example, consumers crave improved search and compare/aggregate functions, but companies are investing more in features like shopping lists, wish lists and social features. The survey results also reveal the top reasons that customers abandon online shopping carts, and what drives customers to read and post online reviews (positive or negative).
“There are a lot of stories to be gleaned from this study, but what stands out most is that companies need to prioritize more investments in personalization, an area that quite clearly drives more commerce,” says Radha R., EVP and Head of Digital Business at Mindtree. “Many of today’s personalization approaches are ineffective since they are based on a siloed view of the customer. With the right data engine and digital underpinnings in place, customized experiences will allow companies to target the right people, at the right time, in the right place, on the right device, with the right content.”
Recommended Next Steps for Companies:
· Break up data silos to get a more enriched view of customers from various digital touch points, using a big data-led approach.
· Deliver relevance for customers by creating content, offers and recommendations using context-weighted personalization algorithms.
· Implement the technology to automatically deliver these customized messages and offers to customers in a cross-channel, cross-device landscape.
This will only work if a company has the right digital infrastructure at the broadest level. Mindtree believes that companies need to blend four cornerstones that are crucial to achieving true digital transformation and success: creating digital customer experiences, digitizing the value chain across the front and back end, developing “sense-and-respond” systems, and shaping new, innovative business models and partnerships.
“It’s important to note that an online presence should focus on serving customers and not just on selling to customers,” says Paul Gottsegen, Chief Marketing and Strategy Officer at Mindtree. “With better personalization, companies will essentially embed themselves in the ongoing phy-gital lives of consumers and earn the right to be part of a continuous stream of engagement. It will strengthen the relationship for the long haul and give the companies that get it right a big advantage.”