But as the boundaries between companies, suppliers, partners and customers disappear, organisations now find themselves in a Catch-22. They need to eliminate the traditional network boundaries and open up their businesses to partners, suppliers, and customers to gain a competitive advantage. At the same time, they need to lock down and protect vital business information, all without disrupting the way users currently work, hiring an army of programmers, or draining corporate coffers.
Meeting IT governance requirements for change management, backup and access control
A quick search of the Internet for "default password list" yields a number of sites, at least one of which has over 1,200 default user accounts and passwords associated with the many applications, database software, operating systems and network devices shipped by manufacturers.
The requirements for improved security, access, and confidentiality mean that many organisations face the challenge of ensuring that their IT infrastructures meet the strict controls for processes such as Change Management, Backup and Recovery, and Access Control, to name a few. The backbone of every enterprise infrastructure is a massive network of servers, network devices, and security and other infrastructure that creates the complex communications network, or nerve centre, of a company. Every day, systems, network and security administrators log onto these critical infrastructure points for routine maintenance, repair and application of the most up-to-date security patches.
Anti-fraud controls
To effectively ensure the integrity of information, IT architectures that emphasise secure repositories as control points for protecting information should be considered. For example, to provide a safe haven for information, antifraud technical controls should prevent and detect attempts at unauthorised modification and deletion of information. An essential component of any antifraud technical control is the ability to immediately alert the responsible individuals when suspicious activity is detected.
Drawing on the concept of a physical vault for data
A Network Vault from CyberArk employs the concept of a physical vault to secure critical business information. Network Vault protects business-critical information using a policy-driven, multi-layered information protection architecture. The Vault creates a safe haven where files can be stored and later retrieved, providing tight control over the data both when it resides inside the Network Vault and when it is transferred over the network. Network Vault provides a high-security storage area to house the privileged passwords. This storage area incorporates authenticated and encrypted communications, access control mechanisms, encrypted data, and auditing. For example, it keeps track of the state of all passwords, and ensures that passwords are "checked out" and "checked in" with a mechanism that logs the activity.
If your organisation has highly sensitive information, such as financial records, HR files, management correspondence, etc., and loss or exposure of these data items could result in severe consequences to the organisation and to the responsible individuals, Network Vault may be of interest to you.
CyberArk publish a series of whitepapers on this subject.
Direct link to their web page: http://www.cyberark.com/whitepapers/index.htm