Introduction

Billions of dollars have been spent over the last few decades on corporate information technology (IT) security in order to “keep the bad guys out,” but it turns out the bigger threat was, and always has been, found within the network perimeter. This is the so-called “insider threat”: the trusted employee, contractor, or partner who can cost an organization more on a daily and/or per-incident basis than any outside hacker could hope for.

Whether we like it or not, “good people do bad things” intentionally, accidentally, or indirectly.

In my 30 years in the IT industry, I have observed and experienced first-hand the impact of major architectural and platform shifts on enterprise customers; the mainframe to mid-range to desktop shift that occurred in the 70s, 80s, and 90s was just the beginning. The typhoon effect of the Web and the impact of major cost reduction through virtualization continued the drumbeat. Our industry, in which I have been extremely proud to participate, is relentless, and the changes that are taking place now, through mobile computing platforms, cloud computing, and the impact of social networking internally and externally to the corporation, will continue the march forward.

Each of these successive shifts has been accompanied by two major impacts: first, exponential efficiency gains and dramatic improvements in the cost economics of IT. We have all seen and experienced the benefits: increased productivity of the average worker; increased effectiveness of global enterprises in delivering products, goods, and services to their customers; and closed-loop feedback from customers on products, services, and company performance that enables business agility.

Second, and more significantly, these shifts have driven a dramatic explosion of customer, product, and market data as well as the creation of information-related assets that have become the cornerstone of a corporation's ability to compete and differentiate. This trend will only accelerate. 90% of the data that exists today was created within just the last 2 years. If the volume of knowledge at the dawn of the 20th century could fit into a small box, that knowledge today would fill a football stadium 20 times over.

It is a pattern of growth driven by such rapid and relentless trends as the rise of social networks, Internet video, and the Web.

This set of dynamics sets the bar for IT infrastructure professionals and creates the challenges that we live with every day. The problem has become so big and pervasive that IT professionals have begun to refer to this set of issues with one generalized term: “Big Data.” We acknowledge that we are faced with an incredibly complex and challenging conundrum and we are not sure how to deal with it. How do we make this data available for corporate use, but keep it secure at the same time?

Virtually every IT infrastructure professional, the BeyondTrust customer, lives with one underlying nightmare scenario:

What happens if somebody gains uncontrolled access to my IT infrastructure? This infrastructure includes the network, servers, desktops, and databases that house all of my data and information assets. God forbid: how will I protect this in the cloud?

As I meet with CEOs of large corporations, they have one request of our company—keep us out of the Wall Street Journal. Don't let me be the CEO who lost all of my customers' credit card data.

The richness and sensitivity of this information, much of it personal to the consumer, has led to a series of legislative efforts to ensure it is secured. The enactment of Sarbanes–Oxley, PCI-DSS, Basel II, and a host of standards throughout the world has emphasized this importance and indeed requires our customers to secure their assets.

As IT professionals, we have another issue, our “dirty little secret” that no one likes to discuss openly:

The Most Likely Source of Security Breach Is the Insider Threat

Consider the following data points:

  • It is a statistical certainty that your corporate network will be breached
  • 71% of all security breaches come from inside the corporation with an insider acting maliciously
  • 92% of attacks target servers

This book addresses these issues head-on: the insider threat and how insiders rationalize their behavior, the techniques they use, and most importantly how you can secure them using least privilege technologies. It uses case studies from organizations like yours and mine, the expertise of industry analysts, business and IT managers, as well as compliance auditors to uncover what to look for when trying to mitigate insider threats and the associated costs. We will also share best practices on how not to confuse rank with privilege and how to protect against good people doing bad things. We will also help facilitate securing the “perimeter within,” the physical, virtual, and cloud-based computing platforms used daily by your insiders: employees, contractors, and partners.

I hope you enjoy the book and have some fun with it. The problem is growing and getting more complex. At BeyondTrust, we live every day with a focus on how we can prevent these types of attacks from happening.

John Mutch, CEO BeyondTrust
