Snowden NSA breach highlights need to record IT administrator actions

Is your company vulnerable to a "Snowden attack?" (Yes.) More importantly, what can you afford to do about it?

Nearly all IT administrators are working hard to serve and protect their organizations with limited budget and staff. However, NSA contractor Edward Snowden's release of documents describing classified NSA surveillance programs highlights the fact that the occasional rogue IT administrator poses the ultimate insider threat. As a recent New York Times article notes, companies (or the government!) may construct elaborate security classifications and access control systems, but if they use conventional operating systems and grant IT administrators root access to the servers, the administrators can circumvent everything and access any file on any system they have access to. In reality, that makes the security policy "We have the world's best information security, unless a single one of our IT administrators gets mad, in which case we're screwed."

What's a hardworking Chief Security Officer to do? If the federal government, whose intelligence budget alone exceeds $80 billion dollars per year, hasn't solved this problem, how can an ordinary private enterprise with an ordinary budget reduce the likelihood of rogue IT administrator insider attacks?

Vistara's Audit Compliance and Surveillance (ACS) feature automatically records every administrator action for later playback and auditing. Every time an administrator authenticates to Vistara and accesses a system, the session (and the administrator's screen!) is recorded, keystroke by keystroke, so authorized auditors can later review everything the administrator did simply by playing a video. Customers can configure their systems so that administrators can onlygain root access to systems through Vistara, preventing end-runs around Vistara itself. You'll know who did what when, and you won't have to wait for a Hong Kong news conference to find out.

This doesn't guarantee that a disgruntled administrator won't access or release files they shouldn't, but it ensures you can identify the perpetrator and take appropriate disciplinary action. When IT administrators know that their actions are being recorded, they're far less likely to breach security policy. Most people are unwilling to pay the price of violating security policies and only breach policy if they believe they won't be caught.

Better still, management will be able to study the sessions to identify best practices by the overwhelming majority of system administrators who are working hard in good faith and improve everyone's productivity.

Want to see how Vistara can improve your security, auditability, and overall IT productivity by giving you a single tool to securely monitor and manage your entire IT infrastructure? Ask for a demo today!


Image credit: amelungc


Recommended posts