ID & Access Management , Technology

Avoiding Privileged Access Pitfalls

Andy Givens of CyberArk Discusses Critical Considerations
Andy Givens, national director, engineering, CyberArk

Many healthcare organizations have a propensity to only consider "the front door" when it comes to controlling access their systems, but it's critical that entities look at using privileged access controls throughout the entire "stack" of applications, says Andy Givens of CyberArk.

See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach

That includes addressing security "at the database level and the operating system level," he says in a video interview at Information Security Media Group's recent Healthcare Security Summit in New York.

"From an internal and IT administrator's perspective, there's a lot of data that those accounts and resources expose," he says. "So you want to make sure you're protecting all the way through the stack. Understanding fundamentally where all the accounts live in the organization and how to secure them is an important step to full HIPAA compliance."

In the interview, Givens also discusses:

  • Why it is also critical to control access to systems and protect credentials within an applications' code when software is developed or new app features are pushed out to users and public repositories;
  • How vendors, consultants and other third parties that have privileged access to an organization's IT systems can become culprits in breaches and other security incidents;
  • Problems surrounding weak access controls in medical devices.

Givens, national director on the CyberArk systems engineering team, has more than eight years of experience in the security industry with a focus in identity, cloud, and mobility. He has served as architect of privileged security solutions for Fortune 100 companies and advised customers on overall identity strategy.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

Marianne Kolbasuk McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network