Last Friday near the end of day I thought I would speak to one of our engineers about this blog topic. Coincidentally, 5 minutes into our conversation, he received an alert indicating unusual resource consumption on our blogging server. Upon examination, someone accessing our login page from a server in New Jersey was trying to crack into our site. We initially monitored the activity to see how well our strong password policy held up and to track the individual’s footprint. After 40 minutes and over 40,000 access attempts, the activity stopped. Two hours later, probably after his dinner break, the assailant returned.
While our hacker reassessed the situation, we took immediate action. We changed the location of files, passwords, and account names. We then contacted the ISP in New Jersey to report the activity and source domain. When the hacker returned, he saw what we did and rather than become discourage, he pursued a different course of action. During the second attempt, the utility he used to identify an access point created an enormous server resource heap. Although we protected ourselves from the strike, his actions created a resource logjam that slowed our server processes to unacceptable levels. Within minutes, we cleared the heap and we’re back to full capacity.
Now suppose the assault went undetected and the assailant remained unsuccessful. Without our attention to the issue and taking immediate action, the heap would contribute to a poor user experience and remain until the next time we applied a patch or rebooted the server. This example represents just one unknown repercussion of inadequate security and response processes.
Cyber Attacks, like Car Accidents, Are Preventable and Unavoidable
As an identity management company, I recognize we are in the information security business. When it comes to cyber security, like a fire department, we practice prevention, prepare for events, and take immediate action even if it means monitoring smoke. In order to protect customer data, retailers must adopt a similar mentality to prevent a Target fiasco. According to Washington Post security expert Brian Krebs’, the Target malware went undetected on an abandoned server for 15 days. Four days after being initially identified, it was removed. From a security perspective, four day is a Katrina-like response to a disaster.
Identity Management Best Practices for Preventing Cyber Theft
Every enterprise should adopt the following 5 identity management best practices to prevent compromised resources from contributing to cyber theft:
Enforce a strong password policy: in this day and age there is no excuse for not enforcing a strong password policy. Automate the enforcement of your enterprise password management policy. Strong passwords are your first line of defense.
Automate access management privileges and group memberships: Apply business rules to workflow automation for access management and group membership approvals and privileges. Every manual identity management activity creates the potential for a breach.
Put an end to privileged identities: The actions and access of administrators should never be anonymous. Make administrator actions auditable. Stop the practice of sharing passwords among administrators and business units. Never share privileged accounts.
Deploy unmanned administration: In our assault, we were prepared to immediately act when alerted to unusual activity. Unmanned administration establishes tolerance levels and automates alerts when unusual activity occurs In Target’s case unmanned administration would have detected and reported their abandoned servers.
Training and Tools: Target is now investing $5 million to educate employees and the public. I commend their actions and believe training does not go far enough. Organizations must empower business users with access certification tools. Business user tools enable an organization to add the equivalent of a ‘neighborhood watch’ to IT governance.
Target’s misfortune puts a focus on IT security. It also brings to light PCI DSS compliance alone is inadequate. To protect customer data, you must mitigate internal and external threats across production and non-production environments continuously. Before you can ensure the integrity of sensitive data, you must prevent unauthorized access. By automating IT security operations, you exceed most compliance regulations and reduce operating cost. In making your business more efficient, you simultaneously reduce cyber threats to customer data.
Get the Free KuppingerCole Identity Management Analyst White Paper
Learn the role IT automation and business driven self-service administration play in creating lean operations. KuppingerCole’s Assignment Management — Think Beyond Access describes the shift in IT operations from tightly controlled identity management processes to workflow enabled administration.