Avoiding Privileged Access PitfallsAndy Givens of CyberArk Discusses Critical Considerations
Many healthcare organizations have a propensity to only consider "the front door" when it comes to controlling access their systems, but it's critical that entities look at using privileged access controls throughout the entire "stack" of applications, says Andy Givens of CyberArk.
That includes addressing security "at the database level and the operating system level," he says in a video interview at Information Security Media Group's recent Healthcare Security Summit in New York.
"From an internal and IT administrator's perspective, there's a lot of data that those accounts and resources expose," he says. "So you want to make sure you're protecting all the way through the stack. Understanding fundamentally where all the accounts live in the organization and how to secure them is an important step to full HIPAA compliance."
In the interview, Givens also discusses:
- Why it is also critical to control access to systems and protect credentials within an applications' code when software is developed or new app features are pushed out to users and public repositories;
- How vendors, consultants and other third parties that have privileged access to an organization's IT systems can become culprits in breaches and other security incidents;
- Problems surrounding weak access controls in medical devices.
Givens, national director on the CyberArk systems engineering team, has more than eight years of experience in the security industry with a focus in identity, cloud, and mobility. He has served as architect of privileged security solutions for Fortune 100 companies and advised customers on overall identity strategy.