There’s a dangerous assumption that remains relatively common in the world of corporate network infrastructure – that system administrators should be allowed unchecked levels of power and privilege. And that’s not just dangerous, it’s security suicide.
Before talking about the issue, let’s just clarify the scale of the problem.
Cryptzone’s most recent survey, examining SharePoint security particularly but the results are an indicator of permission structures globally across the network, found 79 per cent of administrator’s had uncontrolled access to all and every file within the repositories. More than a third (36 per cent) confirmed they, or individuals they knew, had accessed sensitive content through SharePoint that they shouldn’t have been able to open or edit.
This was actually positive news as it demonstrated progress had been made since Cryptzone’s previous survey conducted in 2012. At that time, 40 per cent of respondents said they or someone they knew had accessed unauthorized sensitive content through SharePoint. But that’s little comfort when examining the bigger picture.
According to the administrators spoken to in Las Vegas, 23 per cent gave the impression that they saw nothing wrong in accessing information to which they have unrestricted access, because of their administration privileges. In fact there were some shocking comments when the issue of access controls was mentioned. One respondent proudly claimed ‘I am entitled to see everything,’ while another affirmed ‘Administration access is god mode.’
And it’s this attitude that should sound alarm bells for 23 per cent of organisations – not only are many organisations with SharePoint sites using them to store sensitive content, but more importantly they’re doing nothing to stop administrators snooping on documents they shouldn’t be able to access. It’s not a big leap to the conclusion that this unrestricted view is replicated across the rest of the network.
The growing threat of insider attacks
So why is this a problem?
Abuse of admin privileges isn’t a trivial issue. Insider attacks involving the misuse of permissions aren’t unheard of. In fact many are still feeling the repercussions of one such incident across the globe. It was reportedly through abused SharePoint credentials that Edward Snowden was able to leak a cache of thousands of NSA documents in mid-2013. Just to clarify – the problem is a ‘permissions’ issue, not SharePoint specific. It could just have easily been any other collaboration technology that left the door open for confidential data to be plundered.
A recent Vanson Bourne survey showed how organisations are finally waking up to the risk of insider attacks. Of over 100 UK businesses, 77 per cent named employees’ attitudes to security protocols a top threat, while commercial and non-commercial outsider attacks were cited by 60 and 70 per cent of respondents respectively. A recent piece in The Financial Times reported an MI5 warning that foreign spy agencies are recruiting corporate IT staff to gain privileged access to sensitive computer systems.
The writing’s on the wall – any organisation that doesn’t take the possibility of an employee-led data breach seriously stands to lose everything. Whether there’s a risk of resources being leaked intentionally, or of an individual mounting a malicious insider attack, no single employee should be seen as trustworthy enough to be given ‘god mode’ access.
Of course, there’s another extremely good reason organisations should curb the power of system administrators – god mode also disobeys the mandates set out in multiple regulations affecting all regions of the globe.
A challenge to compliance
A separation of duties and network segmentation are two common threads running through regulations such as the Sarbanes-Oxley Act (SOX), PCI DSS and HIPAA. If your SharePoint site – or indeed, your network as a whole – allows unrestricted admin access, you could be risking non-compliance and in turn, putting your organisation’s ability to operate at stake.
Take SOX as an example. The act, which was passed in 2002 in response to accounting scandals such as the Enron debacle, requires that data flows involving financial records are closely controlled and monitored to ensure their integrity.
With these mandates in mind, compliance auditors regularly flag up unchecked admin privileges as a flaw in the systems they scrutinize.
How can we reduce the threat of privileged access?
Solving the problem of god mode can be tricky. Here’s five tips to help find, and take away, abused administrator powers:
1. Get granular
One approach to consider, rather than giving users the power to access what they want, instead consider turning this traditional approach on its head by securing documents from prying eyes. For example, implement encryption and access rights management at an individual document level.
2. Safe Sharing
With majority of ‘off-the-shelf’ collaboration tools, such as SharePoint, site owners (usually the administrators) are given full permissions by default. There are a number of choices – don’t use those that have this mandate, accept the rule and live with the consequences (which isn’t advisable) or as part of the deployment look to introduce additional robust access controls than the platform provides as standard. There are developer tools and third party solutions available for most of the major collaboration tools and services to help make this possible.
3. Not just an administrator thing:
Of course, it’s not just administrators that need to be curbed – some employees require a greater degree of access than others, but even that shouldn’t entitle them carte blanche access to all information at that level.
4. Additional factors need consideration
Okay, so you’ve got a user that’s entitled to access sensitive information but does that mean you always have to let them in. Consider a good friend, who regularly gets inebriated after 10pm. While you might be more than happy to spend time in their company, come the witching hour you might be less keen. And the same is true of users and your data. Access should be more than just whether the person has clearance, what about the device their using, or the connection. Consider implementing a system that sets strict terms for requests to sensitive content, based on extenuating criteria – such as operating system, physical location and time of day.
5. Be a snail, leave a trail
Whatever your approach, or system deployed, make sure it collects and is capable of producing reports that can identify everything and anything ALL your users do involving your data.
This way, when someone strays into an area of the network they’re not usually seen in, relevant business managers can be alerted at once that an untoward access request is underway.
The end goal is to prevent people from accessing data unless they’re explicitly supposed to. Which camp do your system administrators belong to? Whether they’re SharePoint site owners, IT support team members or heads of IT, there’s a good chance they shouldn’t be snooping on financial and other confidential information. So don’t let them.
By Jamie Bodley-Scott, Technical Product Manager – Identity & Access Management, Cryptzone