Aujas US

An IDG Ventures Company

Managing Risk of Privileged Access and Activity Management

Managing the risk of privileged accessThe Problem
As organizations continue to leverage IT systems to support their businesses, the requirement of managing privileged users is rapidly emerging. Privileged IDs are the in-built system accounts within applications, operating systems, and databases. Additionally, user accounts that are created for administration of systems are also privileged IDs.
These IDs have higher and generally unrestricted authority associated with them to allow efficient system maintenance. As a side effect, these IDs can also be used to make widespread changes to the business systems.

The Risk
Usually, these IDs, especially the ones that are in-built, are shared among the groups of administrators. This method of sharing highly powerful access can cause accountability concerns and non compliance with regulatory requirement, thereby significantly increasing the access risk.

Data can be stolen undetected or IT systems can be sabotaged by misusing the privileged access, since these IDs have access to systems from the backend and can bypass the control deployed for business users.

The rapidly emerging trends of cloud computing, consolidation of data centers, virtualization and hosted application services providers imply growing numbers of IT systems and privileged IDs. Any organization using significant number of IT systems like servers, network devices, desktops, or applications faces the requirement of managing privileged IDs.

Regulatory and government requirements for telecom, banking and IT verticals create an even greater need to address this requirement. Recent prominent and high profile security breaches in these verticals across the globe highlight the degree of access risk caused by inadequate privileged ID management.

What Not to Do
Limiting the privileges granted to these IDs will not mitigate the risk as it will render the useless IDs to perform its functions. Alternatively, some organizations aim to bring in accountability by assigning individual IDs to their administrators in order to eliminate sharing. This approach is helpful only for managing a small number of administrators managing few systems.

In-built IDs will still need to be shared even if administrators use their own individual IDs. To add to the complexity, some IT systems enforce a limit on the number of individual accounts that can be created to manage them. Moreover, the number of individual IDs grows multiplicatively with the increase in both the number of administrators and managed systems.

For example, an admin team of twenty managing a thousand systems can easily be dealing with more than 20,000 IDs. The cost and complexity of managing the lifecycle, enforcing password policies and access controls on so many individual IDs makes this approach suboptimal.

Mitigating the Risk
What is needed is a comprehensive and modular approach to privileged access and activity management. Privileged access and activity management is an identity management domain comprising of the same traditional building blocks of User Provisioning, Single Sign-on and Access Management, Role Management, Password Vault and SIEM tied together with robust solution design based on well thought of policies and procedures.

A good solution approach uses an iterative model to focus on each of these areas and improve them incrementally by understanding how it integrated with other building blocks. This approach allows for a modular solution which not only can solve immediate problems with least disruption and change to the existing practices, but also scale to meet the evolved requirements as the business and expectations grow.

Advertisements

July 26, 2011 Posted by | Access control, IT security, Risk management | , , , | Leave a comment

Aujas Opens New Office in California to Focus on Global Growth

Sameer Shelke, Co-founder, CTO and COO moves to US

Aujas, a global provider of information risk management services, has opened a new office in California as part of the company’s continued geographic expansion. The new office will increase Aujas’ presence in key growth markets and support its global growth strategy. The expanded U.S. presence will allow Aujas to offer its information risk management services to companies across the West Coast.

As a part of this initiative, Sameer Shelke, co-founder, COO and CTO of Aujas has moved to California to work closely with key clients in the region. His focus will be on developing and creating more focused information risk solutions to help companies globally. Sameer will also explore new areas of partnerships and business opportunities across country.

“With an increase in the need for information risk  management services globally, Aujas has been considering ways to serve, partner and engage with local communities to provide solutions. We are very confident  that with our presence in California, we will be able to open up new opportunities and strategic partnerships in the U.S.,” said Sameer.

Joining Sameer in the California office is Ms. Annmarie Papp, who recently joined Aujas as Business Development Manager. She has more than 25 years experience in sales and consulting for technology organizations, and was previously with RSA as the Senior Director of Professional Services. Annmarie has worked with companies such as Symantec Corporation, EMC Corporation, Hitachi Computer Products and has considerable experience in sales,  results-oriented sales management and business development strategies.

“We’re getting a good response from the market and have already signed up many clients on the East Coast. The new California office plus our existing presence in New Jersey will help us work with new clients and partners and establish a higher level support and commitment. We’re delighted that our efforts to expand and reach out to companies seeking help on information security are showing results,” added Karl Kispert, VP of Sales and Business Development.

In an independent survey conducted at CIO & IT Security Forum 2011, companies chose Aujas amongst the top 5 most requested information risk management service providers. With the new office and team, Aujas will be able to reach out to such companies and focus on their information security needs.

About Aujas

Aujas (www.aujas.com) is a global Information Risk Management services company and an IDG Ventures company, part of International Data Group (IDG).  The company’s consultants work with the client’s management teams to align information risk with business initiatives, so that security becomes a business driver and competitive advantage.

Aujas helps clients manage emerging technologies – mobile devices, social media, cloud computing – that are transforming the business environment and posing increasing security challenges.

The company offers global clients:

  • Information risk advisory services
  • Secure development lifecycle services
  • Identity and access management services
  • Managed information risk services
  • Vulnerability management services
  • Mobile, social media and cloud security services

For more information about Aujas services, contact Karl Kispert at karl.kispert@aujas.com or visit http://www.aujas.com.

June 30, 2011 Posted by | Enterprise Security, information risk management services | , , , , | Leave a comment