With so many different suspects and strategies capable of breaching data security controls in today's threat climate, companies can easily fall into the trap of overlooking obvious answers. One of the more prevalent - and potentially fatal - mistakes observed by analysts from Quest and Microsoft is the laissez-faire regulation of privileged accounts. Simply put, companies are placing too much trust in IT administrators charged with managing their networks and data.

In a survey of global IT professionals conducted earlier this year at The Experts Conference, more than half of respondents told researchers that enforcing and updating user access rights was their top hurdle to achieving faultless compliance. According to Quest and Microsoft, that challenge only intensified when it came to regulating the privileges of IT leaders, or so-called "super-users."

"Privileged Account Management (PAM) will be one of the faster-growing areas of identity and access management (IAM) over the next few years," explained research coordinator Jackson Shaw. "Most of the recent high-profile security breaches, including the UBS Paine Webber attack and the City of San Francisco breach, happened due to lack of control over privileged accounts."

This lack of institutional control can have serious consequences, regardless of company size or the user group from which the threat originated. According to TechTarget, SQL servers have been particularly prone to insider attacks. Despite the fact that these assets are the essential foundation for a number of important business processes, they are too often a footnote to high-level discussions about protecting sensitive data.

Checks and balances
Whether it's an entry-level analyst updating an HR database or an IT executive who has been given the keys to the kingdom, all must be held accountable. As a result, user privileges must be objectively and explicitly assigned on an individual basis - and in a role-based manner.

"Shared and unmanaged administrative access is more than just a bad idea - it's one of the fastest and easiest ways to expose an organization to undue risk, especially since these super-user accounts typically have extensive power over IT operating systems, applications, databases, etc.," survey analysts wrote.

Amid this process, companies are also likely to gain perspective on the dangers and frustrations that stem from overly complex PAM frameworks. While many departments have been relying on patchwork solutions in the face of network sprawl, tracing the chain of command back to its roots and deploying a unified data security solution that is aligned with organizational policy will go a long way toward limiting risk and promoting compliance.