There’s a safeness in the peril of privileges.
Apps will install. Functionality will work. Files will
transfer. Jobs will get done.
There is no safety in friction for users or their managers.
They perceive safety in leeway, flexibility, and exceptions. Security is none
of these. They trust themselves…after all, nothing has happened so far.
Malware shares this yearning for safeness. Good and evil feeling
safe in the same space. A safeness that is both useful and frictionless.
Useful enough that troubleshooters escalate privileges as an
alternative to finding the root cause issue.
Frictionless enough that support forgets to turn privileges off
after testing or while surfing the web.
The wise cyber security practitioner knows that controlling
privileges isn’t about privileges at all. It’s really about replacing that
feeling of safety for users. Not a false safeness that is a siren’s call of self-interest,
but a real level of safety in which approved apps will still install, functionality
will work, files will transfer, and jobs will get done without risking the
organization with every mouse click.
Alain de Botton once said “in the oasis complex, the thirsty
man imagines he sees water, palm trees, and shade not because he has evidence
for the belief, but because he has a need for it.”
Embrace the safeness and the need. Empathize, and then work
to replace it.
Follow me on Twitter for the latest blog updates: @Opinionatedsec1