Australian companies may be among the most enthusiastic and progressive about cloud services in the world, but they're opening up new avenues for attack unless they complement cloud initiatives with efforts to identify control unmanaged privileged user accounts, a CyberArk executive has warned.
The Israel-based company has ramped up its presence in Australia this year, chief marketing officer John Worrall told CSO Australia, with the initial one employee already growing to four in a matter of months and more on the way.
Yet behind this demand, he added, are many cases of organisations pushing towards the cloud only to discover that simply replicating large numbers of servers in the cloud is duplicating vulnerabilities as privileged user accounts are similarly duplicated – and, often, left exposed in large quantities.
“Years ago the market was driven by regulatory compliance, but in the past 18 to 24 months we've definitely seen a shift in our customer base around the globe,” Worrall said. “They are much more aware of the role of privileged accounts in cyber attacks – whether from internal staff, or outsiders who have come into the network and go rogue using the credentials they've been given.”
Over time, the number of additional accounts that systems administrators create can exceed the number of employees by a factor of 3 or 4: “we had one customer that had over 1 million privileged user accounts,” Worrall recalled. “The numbers can be quite staggering.”
Cloud's multiplier effect compounded the problem by creating additional instances of servers with privileged user accounts. These additional instances needed to be managed, either by limiting the lifespan of the virtual images that contain them, or by ensuring that privileged accounts are tracked and effectively managed.
“It's not a technology challenge,” he said, “but a process challenge.”
Service providers as well as end-user customers bear the onus of controlling the environment's exposure to privileged access accounts, he added.
“If you're putting your data into the cloud and it has privileged security, who is responsible for that security?” he said. “If service providers can provide full access controls and privileged monitoring, they can go back to the customer to say 'we're doing our job and have the records to prove it'.”
“It's really about having the processes necessary to make sure that your service provider is doing the things they need to do.”
To support these efforts, CyberArk this week integrated its Privileged Threat Analytics tools with McAfee's Enterprise Security Manager (ESM) platform, which can quickly block or downgrade privileged user accounts once they are correlated with malcious activity.
Customers also needed to consider the exposures created by privileged user accounts in the context of new mobility initiatives that made network access points more exposed than ever, Worrall added.
Given Australia's strong mobile usage and rapid-fire cloud adoption, businesses in this country faced a particularly strong burden to get on top of their privileged accounts: once malware had exploited such an account to get inside the network, he pointed out, it was already too late.Read more: The week in security: Apple security scrutinised; certifications to boost cloud appeal
“The customers I've met in Australia are much further along in providing cloud and solutions that manage privileged security in the cloud,” he explained. “That's one area that Australia is unique and leading on.”
“But every business has something that somebody would want to steal – and once a hacker has privileged access to a system they don't need the malware anymore. Companies have to work on the assumption that attackers are already in the network – and, in cloud environments, this makes privileged account protection just that much more important because the attack surface is just so broad.”
This article is brought to you by Enex TestLab, content directors for CSO Australia.