5 Reasons Why Privileged User Abuse is a Top Security Concern in the Cloud

April 20, 2018 Marc Lalosh

5 Reasons Why Privileged User Abuse is a Top Security Concern in the Cloud

Privileged users essentially hold the keys to your kingdom. They have access to a wide array of company data, security controls, workflows, and resources. These advanced permissions enable users to make changes to your Salesforce instance or cloud environment that can put your organization at extreme security risk and even cover up their tracks in the process.

In this two-part blog post, we will first discuss why privileged users pose a threat to your organization, followed by ways organizations can secure their Salesforce and cloud environments to keep the keys to their kingdom in the hands of the right users and prevent privileged user abuse.

First, let’s look at five reasons why privileged users are a top security concern in the cloud.

1) They’re Difficult to Manage

Privileged users inherently have a high level of access to company resources and an understanding of the way your organization is structured. These users are usually administrators and monitors of systems. Essentially, preventing privileged user abuse means you need to monitor those who are monitoring your systems. Say, for instance, your network engineer’s account was compromised and was used to create a new service account. It may be difficult to determine if this access was not legitimate. Was this a part of their job function? Or was this a malicious act on the part of the engineer to cover up their tracks?

2) They’re Considered Insider Threats

The landscape of security has dramatically changed in recent years. Focus has shifted from external attackers to insiders who will not only open the doors to external attackers but will also maliciously or inadvertently abuse access to your Salesforce or cloud environment. According to the 2018 Insider Threat Report conducted by Crowd Research Partners, 90 percent of surveyed organizations felt vulnerable to insider threats. Of those insider threats, regular employees (56 percent), privileged users (55 percent) and contractors (42 percent) posed the largest concern for respondents. Insider threats can include departing employees looking to take your company data to a competitor or privileged users who inadvertently change business-critical controls to your Salesforce environment.

3) Their Permissions Evolve

Users inside your Salesforce and cloud applications often wear multiple hats. This means they often need access to a wide array of company data across multiple departments. As their job roles and projects change, so do their permissions and access. Without proper monitoring, too many permissions changes can be given without approval. User, profile and role permissions in Salesforce should be adjusted according to each one’s role, ensuring that they only have access to information that is necessary to their job function.

4) Cybercriminals Target Privileged Users

Data is no longer just an IT asset – it’s a core strategic asset and is considered the new currency. If you were trying to break into a bank, would you rather go through the trouble of evading digital security measures (i.e. door access, vault passcodes, video surveillance) or would you rather obtain the keys to the bank and pose as a trusted insider? Cybercriminals target privileged user accounts because it gives them the chance to enter your organization’s network and cloud environment under the cloak of privileged access. Oftentimes, privileged users aren’t audited at the depth that would allow employers to raise suspicion – giving them the opportunity to pilfer sensitive data across your organization’s environment.

5) Compliance Considerations

Regulations like FINRA, FFIEC, GDPR, FCA, HIPAA and PCI require stringent security controls to meet compliance in today’s digital era. Information held within Salesforce and the cloud requires careful consideration as to who has access to data and what they can do with it. Privileged users can change permissions, privileges and security controls that can change your compliance posture – putting you not only at security risk but also at risk of regulatory fines and enforcement.

It’s true: privileged users pose a great threat to the security of your organization. However, in order for efficient workflows and business functions, privileged users are absolutely necessary to have in your Salesforce and cloud environments. There are tactics you can employ to secure your privileged user accounts and prevent privileged user abuse. 

To find out what those tactics are, read Part 2 of this blog series, 5 Ways to Prevent Privileged User Abuse in the Cloud.

  • Salesforce AppExchange Review
  • Salesforce AppExchange Review
  • Salesforce AppExchange Review
Start your 14-day free trial of FairWarning for Salesforce

Previous Article
Privileged User Monitoring: 5 Ways to Prevent Privileged User Abuse in the Cloud
Privileged User Monitoring: 5 Ways to Prevent Privileged User Abuse in the Cloud

Your Salesforce Instance or cloud environment can be complicated. It may contain hundreds of users, multipl...

Next Article
5 Hospital Cybersecurity Considerations to Make During a Merger and Acquisition
5 Hospital Cybersecurity Considerations to Make During a Merger and Acquisition

Hospital mergers and acquisitions are now considered common practice among the healthcare industry in the U...