2 posts • joined 5 Sep 2008
Im sorry but i dont understand?
So Mr Anonymous Coward, you are saying that because you were given complete access to everything in a job you USED to have, and you didnt steal any data, the survey we ran was not accurate?
And apparantly we SHOULDNT of asked the people if they had administrative privileges because THAT also makes our survey less accurate?
I respect you for your honesty in revealing that you would never steal data (I think I mentioned my respect for all honest admins in an earlier post - apologies if I didnt) but I can only publish what I am given.
Once again, I urge all of you, ONE AND ALL, come to our stand at infosecurity 2009 and take the survey!
And once again, I refer you to the ZDnet survey that was completely independent that came up with the same results.
Not so smiley face, because it seems I'm not longer the most popular person on the reply list......
My name is Mark Fullbrook, I'm the Director for the UK and Ireland for Cyber-ark and it was me that commissioned this survey.
Let me give you some feedback on how this survey was run.
We asked 300 people with Administrative privileges a series of questions at the Infosecurity Europe Show which took place in April in London. How did we know they had administrative privileges? Well we asked them of course!
Once we had established their suitability we asked them a series of questions. Things like:
"Have you ever used your administrative privileges to access information that was NOT relevant to your role?" (That was had over a 30% positive response rate)
"If you left your company tomorrow which of the following would you consider taking with you" - followed by a list of things like Company records, HR records of course, highlighting one which said NOTHING. (we had 88% of people choose somethign OTHER than NOTHING)
There were a few other questions of course, and we intend to publish this as a white paper, but I just want to address some of the responses on this site.
First of all, I find it amazing how many times admins respond to these types of survey with the view that it is the users fault that they have to set up back doors or that they do not need to be monitored because of some God given right to anonymity.
Cyber-ark produce software that provides companies with the ability to automate password changes on privileged accounts, whilst ensuring that Administrators and Privileged users get the full access they have always had. The alternative is to just trust your user base and (from our survey) whilst that is fine for 12 of your 100 Admins, it might be a little foolish for the other 88 (I'm being slighty sarcastic here - but I'm trying to keep in line with the tone of most of the responses!!)
We dont supply companies with software to monitor privileged access because most IT Admins and Privileged Users are good, we do it because every now and again, you are going to have a bad one....... and why give them the opportunity if you dont have to.
Feel free to get in contact with me if you want to here any more about the survey and please, feel free to visit us at Infosecurity 2009 and take the survey yourself, and then you can see if things turn out differently. Personally, I dont think they will.
Incidentally, to those that say "it was fixed" ZDNET responded to an earlier release centered around the "would you use your administrative privileges to access information NOT relevant to your role" question by running their own survey... Guess what? The results were exactly the same.
BIG SMILEY FACE because generally, Im a pretty happy guy..
(I just get a little excited when people say my company is lying)