Vodafone hangs up on security breaches exploiting privileged accounts

Employees and contractors of Vodafone Australia will benefit from increased security as part of an ongoing global overhaul of privileged-account management that will strengthen the company's ability to control access to its networks.

The company's new Privileged User Management Access (PUMA) program will be based on privileged-account tools from CyberArk that will be introduced within the global telco's many divisions to deliver “a consistent and cohesive approach to securing privileged accounts,” the companies said in a statement.

Based on CyberArk Enterprise Password Vault and CyberArk Privileged Session Manager, the solution will help Vodafone design and enforce policies for access to the privileged account credentials that provide access to its most important and sensitive internal systems.

It's not the only access-control system Vodafone has been adding recently: the company's New Zealand operations recently implemented a remotely-controlled access control system from HID Global that will allow the company to send time-limited access credentials to the smartphones of contractors accessing some 1200 remote mobile tower sites that would each normally have been accessed using keys.

Exploitation of privileged user accounts remains a glaring problem within many corporate environments, with vestigial accounts often left undiscovered and anecdotal reports suggesting there can be 3 to 4 times as many active accounts on a system as there are actual users.

CyberArk chief marketing officer John Worrall recently told CSO Australia that the numbers were often “staggering”, adding that new cloud models were compounding the problem by distributing systems access. “It's not a technology challenge,” he said, “but a process challenge.”

Rival telco Telstra is also on record about the importance of managing privileged-user accounts, with Telstra CISO Mike Burgess recently noting that tight control of such accounts would be crucial to ensuring the security of the massive volume of telecommunications metadata Telstra and other telcos will collect under controversial new Australian laws.

Effective identity and access management has long been a bugbear for Australian companies as BYOD programs and other technological changes force them to reconsider their often spotty access-control frameworks. Last year, security research firm the Ponemon Institute found that 24 percent of security breaches were due to an insider attack or to negligent IT users with strong access privileges.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Feeling social? Follow us on Twitter and LinkedIn Now!

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags BYODVodafoneTelstrasecurity breachesVodafone AustraliaCyberArkMike BurgessCSO AustraliaPassword VaultPrivileged User Management Access (PUMA)John WorrallHID Global

More about CSOCyberArkEnex TestLabHIDHID GlobalVodafone

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by David Braue

Latest Videos

More videos

Blog Posts