In our previous blog post, we considered the problem of privileged user access and started to discuss the subject of privileged user monitoring. What is privileged user monitoring, and can it be carried out without damaging trust within the organisation or business?
Qualifying Your Privileged Users for Access
Privileged user monitoring first identifies those within the workplace who qualify as privileged users; in our last post, we saw how this qualification will be different in each organisation but is usually those with some degree of seniority, and a working need for broad, or even unlimited, access. Such access is often across many areas of operational and backup systems, and can frequently be unsupervised.
The second stage of the process sees the monitoring itself introduced. The monitoring seeks to include the supervision that may otherwise have been lacking. The form the supervision takes will depend upon the business itself, but Abilott have an enviable fund of talent and experience at your disposal, being able to formulate and then action monitoring protocols and training.
The Nature of Privileged User Monitoring
In what form, though, will such monitoring take place? Abilott have put much thought into how best monitor privileged users, with the goal of not destroying any good spirit or morale in the company. The critical issue is trust. As we have discussed prior, trust is vital in all the relationships in life; the home, friends, and at work. Just as customers must trust the business, so all those in the business must trust each other. The alternative is division and a negative, put-upon atmosphere, which we all appreciate as less than ideal in the workplace.
So how can you go about monitoring privileged users without losing the trusting relationships on which good business relies? Over the years, many different approaches have been tried, but one that has shown positive results time and again is an automated blanket approach, across the board. What does this blanket approach involve, and why has it proven effective? An automated approach makes the monitoring impersonal, machine-oriented, rather than making the user focus on another human member of staff. It is a horrible feeling to know that you are being watched, and the feelings of suspicion, nervousness, even dread, that direct supervision can create are not conducive to good productivity.
The exact mechanics of automated monitoring will need to be tailored to each business’ situation, but broadly speaking, they avoid creating a locked down scenario that can make work feel oppressive. It also avoids a good deal of the busy-work that can result from human-led permissions and passwords systems. Instead, the blanket automated approach makes everyone equal, and equally responsible. The increased notification of this individual responsibility will increase awareness, which in turn will reduce the accidental incidents that make up so much of the current crop of insider threat. This reduction of overall insider threat incidents will then contribute to an eased identification of malicious insider threat. The improved identification of genuinely malicious internal elements will allow businesses to safeguard their reputation, their client base and the trust within their operational departments. Discuss the options for your business with Abilott today; they will be delighted to assist you.