Managing the keys to your kingdom


HWM (Malaysia) - Q&A - By James Lu

Let’s start at the top. What are privileged accounts?

Privileged accounts are the “keys to the IT kingdom”.

Whoever has control of these keys has access to that device or that particular part of the network. Every device that has an IP address has a privileged account, and that’s what is used to deploy and manage that piece of technology. So it has all the power to turn a device on, turn it off; decide who gets in, how the device is deployed. In the hands of a trusted individual, it works exactly the way it’s supposed to, but in the hands of the attacker, it’s devastating, because whoever controls the privileged accounts actually controls your business.

The challenges consumers face are almost identical to challenges security administrators face, which is the classic: “I have to have a password, I want it to be secure, but I want to make it easy to remember.” That’s a really hard thing to do.

But with everything being more interrelated, how do I know that I can trust my passwords and the services I use?

I’d say it comes down to “trust”. The organizations you deal with all need to have some internal solutions to deal with their security systems and passwords. As a consumer, you don’t have enough information to know what they’re doing, and even if they explained it, you probably wouldn’t understand half of it. So, basic practices to do are:

Keep your passwords in a secure place.

If you want to write them down, that’s great but don’t just leave them lying around. Keep them in a locked drawer or somewhere that no one else is able to get to.

One of the key ideas in enterprises is to segment credentials so no one password gives access to everything.

Do the same thing with your own
