User access remains a pain for most companies according to a recent survey, with few IT managers reporting that they are satisfied with managing privileged-user access.
The study by the Ponemon Institute with Forcepoint, showed that privileged users (defined as database admins, network engineers, IT security pros and cloud custodians) unsurprisingly have the most useful vectors for hackers looking to steal credentials. They also account for the most dangerous insider threats.
Companies are feeling the stress of trying to keep up with change requests, leading to more user access with less accountability. 39-percent of respondents don’t feel confident that they can ensure that their users are complying with company policies. And it gets worse. 74-percent of respondents agreed with the statement that “privileged users believe they are empowered to access all the information they can view.” Two-thirds agreed that they access “sensitive or confidential data” out of “curiosity.”
A multi-prong approach to user access
There are numerous tools for user access management. When it comes to network infrastructure management, Uplogix extends role-based administrative access policies to devices with detailed auditing and reporting for compliance when the network is up, or down. Some of the specific cybersecurity functions include:
- Maintain and enforce AAA (Authentication, Authorization and Accounting of the state of the network. Under normal circumstances, Uplogix Local Managers (LMs) integrate with remote multi-factor authentication mechanisms, such as TACACS and Radius, but if connectivity is lost, the LM can failover to other AAA servers before falling back on cached authentication data to maintain authorized access.
- Prevent unauthorized user access by automatically closing idle sessions, eliminating a potential security gap. Uplogix also ensures that the right users have the right access by enforcing granular, role-based permissions.
- Enable audit and compliance reporting by constantly logging all changes made to managed devices and the results of these changes.
- Eliminate modem security issues with call-home connectivity. Uplogix appliances always “dial-out,” never allowing in-bound dial-up requests, to restore connectivity when the primary network connection goes down, closing common security holes.
- Improve overall security by restricting access to specific IP addresses and encrypting passwords stored in the database, and by automating management functions related to security enforcement, like updating the access passwords on hundreds of managed devices at once.