Increased threats to sensitive and confidential workplace data are created by a lack of control and oversight of privileged users, including database administrators, network engineers and IT security practitioners, said a report.

HP has unveiled new global research that reports key findings of “The Insecurity of Privileged Users” study, conducted by the Ponemon Institute.

The report revealed that:

• Fifty-two per cent of respondents indicated that they are at least likely to be provided with access to restricted, confidential information beyond the requirements of their position.

• More than 60 per cent reported that privileged users access sensitive or confidential data out of curiosity, not job function.

• Customer information and general business data are at the highest risk, and the most threatened applications included mobile, social media and business unit specific applications.

Many respondents claimed to have well-defined policies for individuals with privileged access rights to specific IT systems.

However, almost 40 per cent were unsure about enterprise-wide visibility into specific rights, or whether those with privileged access rights met compliance policies.

Organisations attempt to maintain control over the issue in different ways. Twenty-seven per cent say their organizations use technology-based identity and access controls to detect the sharing of system administration access rights or root-level access rights by privileged users, and 24 per cent say they combine technology with process.

However, 15 per cent admit access is not really controlled and 11 per cent say they are unable to detect sharing of access rights.

“This study spotlights risks that organizations don’t view with the same tenacity as critical patches, perimeter defense and other security issues, yet it represents a major access point to sensitive information,” said Tayfun Topkoc, HP Software regional director HP Middle East.

“The results clearly emphasize the need for better access policy management, as well as advanced security intelligence solutions, such as identity and privileged user context, to improve core security monitoring.”

“The intent of the study is to provide a better understanding of the state of access governance in global organizations and the likelihood privileged users will abuse or misuse IT resources,” said Dr Larry Ponemon, chairman and founder, Ponemon Institute.

“The findings demonstrate key areas of concern, and clearly identify budget, identity and access management technologies, and network intelligence technologies as the three most critical success factors for governing, managing and controlling privileged user access across the enterprise,” he added. – TradeArabia News Service