Skip to main content
banner image
venafi logo

Insider Threats: Seemingly Innocent Shortcuts Can Leave You Exposed

Insider Threats: Seemingly Innocent Shortcuts Can Leave You Exposed

automated security integrated solutions, machine identity protection
March 1, 2019 | Mark Sanders

Certainly, not all insider threats are malicious. But it’s also true that they are not always the result of ignorance about attacker techniques. Sometimes, security conscious people make mistakes because it’s just easier to take shortcuts that help them accomplish basic tasks faster. However, these shortcuts can leave their organization exposed. I had a chance to explore this idea in greater detail a few days ago, while I was participating in a panel discussion on insider threats at Atlanta Cyber Security Summit.

During the panel discussion, my esteemed colleagues covered off many of the insider threat topics that you would expect. We discussed anti-phishing and anti-malware strategies, data loss prevention and monitoring. There was also a lively debate about whether or not user training can effectively reduce risk. In my opinion, training isn’t going to cut it now that we have so many new developments with cloud and with DevOps and with automation in general. In these new environments, it’s not so much about training anymore, it’s about people doing bad things out of convenience and out of speed.

If you try to slow these people down while you are trying to secure them, they're just going to go off and do whatever they need for speed and automation. They don't necessarily mean to do bad things. They just have a job to get done on a very short time frame. Let me give you an example of this that I shared with summit attendees in Atlanta.

Imagine that you have an employee that needs keys and they want these keys on every machine they access. So, what do they do? They bake the keys into their golden image. Then that gold image is burned and cloned and cloned and cloned again. How bad can the resulting key sprawl get? At one organization we performed discovery on several thousand servers and found over a million keys. The organization had only expected to find a few thousand keys.

That key sprawl was not the result of someone trying to do bad things. It’s just that they thought they could take shortcuts to do their job faster and better and easier. And that opened up a very, very large threat surface.

It’s simply easier for someone to use the same authentication credentials, sharing the same key across multiple cloud systems. And many companies turn a blind eye to such misbehavior when it comes to protecting their machine identities. But, on the flip side, when I asked summit attendees if they would allow someone in their organization to share a password that never expires across 50 different servers, their ears began to prick up.

To avoid these types of insider threats, I recommend that you make it easier for your users to follow security best practices. As I mentioned before, training is not always the answer. Instead, you may have more success by implementing policies that actually replace shortcuts in terms of delivering convenience and speed. Sure, policies get a bad rap. Users often view policies as interrupters that don’t make any sense. Indeed, if you have policies that your users won’t follow, then you’re not helping the business, you're hurting the business. That may be why about half of the attendees indicated that they didn’t have policies in place to prevent insider threats.

What I recommend is a "don't fight it, fix it” approach to policies. Why try to force somebody to use a policy that's not good for them? Why not try to find a policy and procedure that actually helps? Your users may then actually want to follow the policy because it helps them better do their job.

I recommend setting up automatic compliance with policies through self-service capabilities. It’s easier for users to request and deploy machine identities. And because it’s automated, you’re always going to end up with machine identities that are within your security parameters. Your administrators, developers and cloud operations folks all gain the ability to do things faster but yet do it in a secure manner. So, at the end of the day, you’ve solved both the problems of speed and security with one solution.

By automating your machine identity protection, you’re actually making it easier for users to request secure keys and certificates. Ultimately, you're making someone that's a potential insider threat and you’re nullifying that risk because you're removing the possibility of the insider threat occurring for reasons of speed or convenience. In other words, you’ve created a situation where the user will actually want to follow good practices and procedures because it makes their job easier, better and faster.

Do you have policies to safeguard your machine identities?

Related posts

 

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

security automation, key management system, certificate manager

Win-win Policies that Simplify Your Machine Identity Protection

About the author

Mark Sanders
Mark Sanders
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat