Best Practices for Watching the Watchers

Philip Lieberman

Enterprise Systems Journal

Inside your data center it's the system administrators, DB admins, and IT managers who hold all the power -- controlling everything from employee access to the confidentiality of private customer data. So much power in the hands of a few individuals ought to be a scary prospect for organizations that depend upon IT to keep the business running and data secure.

The simple truth is that today virtually all IT staff enjoy anonymous, unaudited, 24/7 access to your data center applications, computers, and appliances through the use of privileged account credentials. More IT auditors are beginning to notice that this lack of accountability has brought organizations out of compliance with key industry mandates -- SOX, PCI-DSS, HIPAA, and others. The bad guys have also taken notice, exploiting these all-powerful and often poorly secured credentials in many of the latest headline-grabbing breaches, including the attacks on Google and other U.S. technology firms.

Organizations that are looking to advance IT governance and stay compliant should ask these four questions.

 


