Intel is an interesting place to work as a Security professional. Everything has to be possible so you can’t say “no”. Requests like can I get email on my fridge at home are not common but we do get them.  Often in the back of your mind you think “why would anyone want that” but I have learned to be open minded (when email first came out I could not see the point in it and thought it would never take off).

 

My passion is kayaking, I enjoy remote rivers which challenge me and really push my risk management skills to the limit. Well November last year I was paddling in South Wales and had an accident landing me in a wheelchair for 3 months (bad risk assessment day!!).

 

Day one of hospital and my only communications tool is my mobile phone, which of course gives me company email, Calendar and contact information.  This is now a critical tool and my primary work device. As soon as possible I’m cancelling meetings and trying to let people know what’s going on. All of this on a 4 inch screen including the keyboard.

 

Right next to my bed there is a full sized keyboard attached to the hospital information system; you can pay to get internet access, movies etc. This was the obvious tool for my email.

 

I have often been asked about allowing employees access to email from cyber café locations and it was one of those “why would anyone want to do that” thoughts. After all they have email on their phones and most employees have laptops. The Security implications of allowing email from anywhere are really scary for what feels like little gain.

 

Intel at the time was running a Proof of Concept (PoC) allowing employees to connect from any terminal to get email and I had been working on the security requirements for this testing. Well I never managed to get my email working via the hospital information system, there were too many security controls in the way, both on the Intel end and website blocking at the hospital end.

 

My use case felt like a very rare example.  Speaking to other employees, most had a rare one off example where “Email from anywhere” would have made a big difference. This begs the question of how many one offs put together make the need for a solution?

 

Dynamic security policies that adjust as a user moves from device to device, changing access, are the way forward. We do this in the mobile device world and are starting to with the larger from factors but now need to think about moving this from the exception to the norm. We also need to be able to evaluate the human element. Employees with good security practises should be able to work from more dangerous places.  I trust myself to look after my company’s data, there are others that I trust but how can you make that into a system which is fair? I think we need a security merit based system for people.

 

As for me, well I’m now walking in a limited way and had plenty of time to come up with new ideas!

 

Rob

I am from Intel IT Automation.  I’ve been involved with server operations for quite a while now and for those of you with a background in Linux, granting super user (or administrator) privileges to a non-privileged account is not a new concept.  Linux (not excluding UN*X)  variants, have long implement “sudo” to granularly grant root access for specific tasks to specific users.  Many Linux based datacenters employ this form of privilege management as opposed to granting full on root access.  This is true for both system and application administrators alike.   

 

  For a very long time this has not been the case for other mainstream enterprise operating systems.  Granularity of control was not there.  As a consequence, many IT organizations opt to grant full administrative privileges to individual servers as needed.  Side effects of such management include loss of accountability, tracking of changes and not to mention exposure to Intellectual Property (IP) risks.  For example:  As the server administrator, with full privileges, I can theoretically access any file or database which resides on the system making enforcing IP  guidelines extremely difficult if not impossible.  We are then left relying on the he “Honor-System” until something goes wrong.   That’s like giving the cable technician the keys to your home just because you don’t want to wait around from 8am-5pm for them to show up.   I don’t know of anyone who would do that.  However, would you give your keys to your neighbor, to feed the cats, while you are on vacation?  What if they forgot to lock the front door?  Not a malicious act but could have bad outcome.  I give that analogy because human nature wants to trust familiar people.   We fail to recognize threats within non-malicious scenarios.  Many people do not take into consideration that malicious applications can use system vulnerabilities to gain access to systems assuming innocent user accounts.  If those accounts happen to have full admin privileges without any roadblocks, then so do the applications.

 

   Third party vendor solutions have matured to a point where there are multiple enterprise solutions which provide what’s known as “Least Privilege Management”.  Least privilege management does to application control what the Firewall does for network traffic.    User Access Control (UAC), the most basic form, was introduced in a few operating systems over the past few years.  It requires one to confirm core system changes with an administrative password, thus preventing unintentional changes by the administrator.  Today security conscious fortune 500 companies have spurred a new security industry boom, inspired by least privilege management.  Many third-party solutions today, incorporate UAC policies, where one can specify which applications can be run by which groups of users (including command line options allowed), provide logging and auditing mechanisms as well as an ability to turn the report into a policy for fast turnaround, making policy creation relatively painless and non-intrusive.

 

  To sweeten the prospect of securing our systems, Gartner (in “Making the Most of Windows 7 Security”, Dan Blum, August 2010) has correlated reduced management costs of locked down systems.  Obviously, in the short term there will be some getting used to this new mode of administration and I expect a small increase of overhead, so it may not seem cost effective at first. However eventually users will get used to the mode of operation as they did to firewalls.  The added security and locked down features will eventually offset this overhead.

Filter Blog

By author:
By date:
By tag: