Poor User Access, Privilege Controls Threaten Data Privacy

User access rights and security privileges in the enterprise are out of control. So says security software vendor BeyondTrust, which released a survey this week to demonstrate the extent to which employees can unnecessarily access potentially sensitive data and resources.

Titled, "Privilege Gone Wild," (which, in a different context, might conjure images of trust-fund children engaging in debauchery), the survey revealed several key points that likely will encourage IT admins to think more about how they handle user privileges:

That last point might be the most interesting of all, because it reveals that simply having some kind of user access policy in place—which is easy to do using the basic, default tools that are built into most modern software—is not enough to protect sensitive data. True security appears requires more than the simple protections of things such as  user accounts and internal firewalls.

BeyondTrust, which defines itself as "the security industry's only provider of Context-Aware Security Intelligence," is pitching the survey results as evidence of the need for comprehensive, policy-driven vulnerability and privilege management that is adapted to the particular importance and sensitivity (in other words, the "context") of a given resource or database. And in our age of ubiquitous leaks from internal sources, the company may be right. No one wants to be the next NSA.

The full results of the survey, which was based on responses from "265 IT decision-makers including security managers and network and systems engineers across a number of industries," are available on BeyondTrust's website.