"Who watches the watchers?", or more concretely, "Who controls the administrators?" has been a challenge for organizations since the mainframe. A recently publicized security breach at a Japanese pharmaceutical company reminds us that this threat is still very real:
The extent of the damage (the deletion of 15 virtual hosts, representing approximately 88 virtual servers, all accomplished remotely from a McDonald's) highlights that the risk is more significant than ever.
Companies have long understood the need to control privileged users on physical servers, but in a virtual environment the impact of a single privileged user is magnified, because one person can move, delete, and copy many virtual machines nearly instantaneously. Organizations must realize that, for all of the advantages virtualization provides, it is more critical than ever to make security an integral part of the new environment, from fine-grained access controls to privileged user monitoring.
As the newest member of the CA Technologies security team (CA Access Control and Virtual Privilege Manager specifically), I'm looking forward to further sharing my thoughts and discussing the challenges of IT security in the enterprise in my upcoming posts. I began my career in network security as an "ethical hacker" at a startup called Guardent in 2000, and I joined CA because I am a true believer in our "Content-Aware" approach to Identity and Access Management. With a true information-based approach to privileged user security, perhaps the next disgruntled administrator will turn off his laptop and focus on his Big Mac.