The NSA's 'Two-Man Rule' and Trust in Your IT Staff

The insider threat has come into greater focus in the wake of Edward Snowden’s admission that he leaked government secrets.

The director of the NSA, Gen. Keith B. Alexander, said his agency would institute “a two-man rule” that would limit the ability of each of its 1,000 system administrators to gain unfettered access to the entire system, writes the New York Times.

“The scariest threat is the systems administrator,” said Eric Chiu, president of Hytrust quoted in the New York Times, Wall Street Journal, USA Today, and numerous other publications as a result of the Snowden incident. “The system administrator has godlike access to systems they manage.”

When insiders attack a company, it’s usually because of an event, such as a denied vacation or being bypassed for a raise or a promotion. There is a 30-day window between trigger events like these and when an employee will take action against an employer. In addition, according to the most recent Verizon Breach Report, the most common way breaches occur is through stolen credentials, brute force attacks, and backdoor/local accounts. The hackers are essentially using sophisticated APTs to steal credentials and impersonate employees to steal data.

Administrative accounts, whether used by systems administrators or bad guys posing as employees, give unfettered access to the systems and data within the organization, enabling theft of confidential, top secret, and financial/privacy information. Whether or not this is to sell on the open market or make public, the results are the same -- damage to brand, loss in shareholder value, and jobs at stake. Virtualization and cloud infrastructures make these problems worse by enabling access to all VMs and other virtualized resources, plus little to no visibility into what administrators are doing.

HyTrust's powerful cloud security is proven with all facets of government to help improve operational efficiency and enhance the security and compliance posture of virtual infrastructure. HyTrust has already implemented the "two-man rule" as part of its Secondary Approval capabilities, requiring additional oversight and approval before sensitive operations are allowed to be performed, including access to confidential information.

HyTrust has designed controls on top of controls working in sequence to all but completely eliminate the chances of APTs, hackers, and malicious/compromised/errant insiders from penetrating and/or destroying your virtual infrastructure. In addition, HyTrust provides continuous Role-Based Monitoring that enables you to see what administrative operations are happening in your environment and compare that against what should be happening, plus rich alerting to let you know when bad things are potentially happening.

View our complimentary on-demand webcast to hear virtualization security experts from HyTrust, our enterprise security and infrastructure partners, and our customers as we discuss how to help you accelerate business innovation and growth with HyTrust virtualization security, and enable your IT organization with a service-based platform for your LOB customers.