Agencies lack visibility into privileged users. What else are they missing?
- By Michael Crouse
- May 17, 2021
Agencies today face a new “known unknown.” They’re increasingly aware they lack visibility into employees who have privileged user access to data and systems.
Only 11% of government organizations are “very confident” they have enterprisewide visibility and can confirm that privileged users are complying with relevant policies. That’s according to a recent study, “The State of Privileged User Abuse in United Kingdom and United States Government Organizations,” conducted by research firm Ponemon Institute and sponsored by Forcepoint.
The report raises even bigger questions. If agencies can’t see the users who have access to their most sensitive data and systems, where are their other IT blind spots? Especially in an era of remote work, cloud access and shadow IT, how much technology spend and cybersecurity vulnerability remain unrecognized? And how do new organizational processes impact the people behind the keyboards?
Fortunately, the Ponemon study points to tangible steps agencies can take. By automating manual processes, understanding user behaviors and investing in next-generation cybersecurity technologies, organizations can better manage privileged users and close the cloud-visibility gap.
Placing a premium on cloud visibility
Across government, agencies are expected to retain at least a hybrid model in which large numbers of employees continue to work remotely after the COVID-19 crisis wanes. The Cybersecurity and Infrastructure Security Agency, for instance, notes that “organizations have started planning for more permanent and strategic teleworking postures.”
Strategic planning will be vital, since many agencies were forced to quickly cobble together remote-work practices as the pandemic emerged in early 2020. In the rush, employees may have solved remote-connectivity challenges by using devices, applications and cloud services not approved by IT departments.
The result has been a proliferation of shadow IT, which has implications for employee productivity, IT budgets and, most worrisome, cybersecurity. Cloud storage in particular raises security concerns, as even the most popular services can have weaknesses.
For example, in April 2020 Microsoft patched a vulnerability that let cybercriminals who got access to an endpoint to then increase their privileges and take advantage of Microsoft OneDrive to overwrite files. In August, Google admitted to a shortcoming that permitted users of Google Drive to update an existing file with a new version that included a malicious executable.
All these issues emphasize the need for better cloud visibility. A cloud access security broker can offer an effective solution. A CASB enables organizations to recognize and track the use of cloud applications. Situated between the user and the cloud service provider, a CASB is designed to identify high-risk activities and enforce policies and controls for cloud applications. In the process, it can block account-centric threats, meet compliance requirements and protect sensitive data.
Closing the visibility gap
Like CASBs, other practical solutions exist for government organizations to better manage their privileged users and their cloud environments overall.
Automate manual processes. Agencies recognize that security threats can originate from social-engineering attacks targeting privileged users and from malicious insiders trying to obtain privileged users’ access rights, the Ponemon study shows. But they acknowledge even greater risks from internal processes. For instance, 73% give employees privileged-access rights that exceed the needs of their role.
Robust automated tools can help agencies not only understand which employees require what level of access but also monitor and manage that access over time. Always-on enforcement can help them home in on risky behavior -- without creating friction for users legitimately doing their jobs.
Understand user behaviors. Organizations struggle to detect insider threats. Often that’s because their security tools provide too many false positives (57%), more data than can be reviewed promptly (53%) or insufficient contextual information (42%).
Behavior-monitoring tools can help agencies root out anomalous user activities that could indicate a potential risk. Behavioral analytics can combine IT data, non-IT information and even psychological factors. Correlating data from sources such as user activity monitoring, data leak prevention tools, HR records, security violation databases, physical access records and identity, credential and access management solutions can identify insider risk. It can also help automate risk mitigation at the endpoint or network edge. The ability to shut down attacks before a breach occurs allows agencies to more proactively reduce their overall risk.
Invest in next-generation cybersecurity technologies. Organizations clearly need a better handle on employee access to sensitive data. In fact, 44% say access to sensitive information isn’t controlled, and 29% are unable to detect sharing of access rights. Often, agencies rely on manual, time-consuming approaches like monitoring and reviewing log files (43%) rather than next-generation technologies such as threat-intelligence tools (28%).
Agencies can benefit from a zero-trust cybersecurity architecture that replaces outmoded, perimeter-focused methods with a dynamic, user-centric approach. This modern, continuous-monitoring methodology derives user risk scores from a diverse set of unstructured and structured data applied to access-control points. The goal is to determine whether an individual is trustworthy at a given moment in time. The result is adaptive, risk-based security that gives agencies the strongest security where they need it most.
Agencies will always require some employees to have privileged access to data and systems. And as organizations re-evaluate where work will be performed going forward, many employees will still need remote access to workloads in the cloud.
As the study shows, however, these needs also present risks. By investing in tools that help automate processes, understand user behaviors and manage data and system access, organizations can equip users to support their missions while maintaining critical cybersecurity controls.
Michael Crouse is director, enterprise data and user protection, at Forcepoint.