Cyber-Ark Addresses Government Agency Insider IT Security Threats

Cyber-Ark, an information security company that specializes in protecting highly-sensitive enterprise data, restricted user and application accounts, reported that high profile insider breach incidents, such as the arrest of a former Federal Reserve Bank of New York IT employee accused of identity theft, and the rogue Fannie Mae employee who allegedly implanted a logic bomb on the company's network, highlight increasing security vulnerabilities in the public sector.

To better protect highly sensitive information against internal and external threats, Cyber-Ark recommends government agencies more closely examine how privileged accounts, those with carte blanche access to critical networks, systems and applications, are being monitored and controlled.

Up to 80 percent of system breaches are caused by internal users, including privileged administrators and power users who accidentally or deliberately damage IT systems or release confidential data assets, according to a Cyber-Ark survey. These accounts are often neglected and session activities are difficult to monitor due to their anonymous nature, while privileged passwords can be hard coded inside applications, scripts and parameter files, leaving them unsecured, rarely changed and visible to the world.

The risk of internal data misuse can be mitigated by implementing policies and technologies that provide special treatment for privileged identities. In accordance with newly-proposed Consensus Audit Guidelines, which suggest automated and continuous control of administrative privileges, Cyber-Ark helps government agencies successfully address the security threat of privileged accounts and related audit challenges.

"Mismanagement of privileged identities poses serious risks to organizations - in both the public and private sectors - leaving them vulnerable to threats that can be nefarious in nature, or simply caused by human error," said Udi Mokady, president and CEO of Cyber-Ark Software. "Additionally, these privileged accounts are increasingly scrutinized by auditors, and are becoming one of the key reasons that many organizations fail compliance audits. Therefore, agencies must demonstrate more effective control over who has access to powerful privileged accounts and what activities occur during those privileged sessions."

Cyber-Ark's products were recently added to the US Government Services Administration (GSA) Schedule. Through its agreement with government distribution partner DLT Solutions, Cyber-Ark's Privileged Identity Management Suite v5.0 and Managed File Transfer solutions are now broadly available to federal, state and local agencies.

As a result, Cyber-Ark said that government agencies can improve security controls around privileged accounts via encryption, password protection and auditing of system access. They can ensure that administrative and application identities and passwords are changed regularly, highly guarded from unauthorized use and closely monitored, including full activity capture and recording.

((Comments on this story may be sent to newsdesk@closeupmedia.com))

Related terms: ceo, fannie mae, federal, federal reserve, government, local, president, products, schedule, security, software, technology