Security threats are everywhere.
Yes, even to companies with the best firewalls and intrusion prevention systems. That’s because no matter how much your data security guards against breaches, your greatest vulnerability lies within your perimeter.
It lies with your people.
Insider threats are a rising concern for data and cloud security, and for good reason. Consider the case of Alphabet, Google’s parent company, which filed a lawsuit against a former engineer accused of copying and sharing 14,000 files. Ponemon Institute’s 2016 Cost of a Data Breach Study found the most common causes of data breach involved:
- 65 percent employee or contractor negligence.
- 22 percent malicious employees and criminals.
- 10 percent outsiders using stolen credentials.
If you feel your organization has not focused enough on insider threats, you aren’t alone. Seventy-four percent of companies feel they are vulnerable to insider threats. Add to this the fact that more than half (53 percent) of companies estimate remediation costs in the hundreds of thousands, and insider threats become a top priority for data security.
More Access, Less Risk
Access governance (AG) aims to reduce security risks associated with employees, contractors and other users by preventing unnecessary access privileges. Identity access management (IAM) is the first step to limiting access to your sensitive data by malicious or negligent users. While much of this can be automated with an AG solution, your organization will still need to implement it effectively.
Need an implementation plan? Here’s a five-step approach worth trying:
- Map Departmental Hierarchies to Necessary Resources: Work with department heads and human resources to collect information about employees, their location, department, title, job role and any other information necessary to determine their place in the departmental hierarchy. Identity management is the first step towards building an access foundation.
- Compare User Rights to Ideal Data Model: Once your users are categorized accurately, compare the access rights they now have to your ideal AG data model. You will find that users or entire departments have access to data and systems that they have no use for.
- Implement New Access Rights: Prepare your IT department to be flooded with issues, as there will be small exceptions that must be reviewed to determine if a user needs additional permissions. Rely on department heads to evaluate requests for additional access to validate them. If many people within a role or department are requesting access denied to them, then a new rule might be needed or an evaluation of your existing rights could be in order.
- Automate Management: Even after the initial access requests are dealt with, there will be daily access management required as new users, solutions and tasks are added. Rather than devoting multiple people to maintaining AG, automation can ease some of the maintenance tasks and reduce the strain on your data security team.
- Maintain and Iterate: Even with an AG solution, your team will need to undergo some access management and constantly iterate on the model you’ve developed.
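Steps 2 and 3 of the plan above can be sketched as a short script. This is an added example, not Simeio's code or part of the original post; the user names, roles, entitlement strings and the two-requester threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample data: every name, role and entitlement string is hypothetical.
USERS = {  # step 1: HR records mapping each user to (department, role)
    "alice": ("finance", "analyst"),
    "bob": ("finance", "analyst"),
    "carol": ("engineering", "developer"),
    "dave": ("finance", "controller"),
}
IDEAL_MODEL = {  # step 2: rights each (department, role) should hold
    ("finance", "analyst"): {"erp:read", "reports:read"},
    ("finance", "controller"): {"erp:read", "erp:approve", "reports:read"},
    ("engineering", "developer"): {"repo:write", "ci:run"},
}
CURRENT_RIGHTS = {  # rights each account holds today
    "alice": {"erp:read", "reports:read", "erp:approve"},
    "bob": {"erp:read", "repo:write"},
    "carol": {"repo:write", "ci:run"},
    "dave": {"erp:read", "erp:approve", "reports:read", "payments:create"},
    "eve": {"erp:read"},  # no HR record: an orphaned account
}
DENIED_REQUESTS = [("alice", "bi:dashboard"), ("bob", "bi:dashboard"),
                   ("bob", "bi:dashboard"), ("carol", "prod:deploy")]

def review_access(users, model, current):
    """Step 2: per account, the rights to revoke (excess) and grant (missing)."""
    findings = {}
    for account in sorted(users.keys() | current.keys()):
        # An account with no HR record or an unmapped role justifies no rights.
        ideal = model.get(users.get(account), set())
        held = current.get(account, set())
        if held != ideal:
            findings[account] = {"revoke": sorted(held - ideal),
                                 "grant": sorted(ideal - held)}
    return findings

def rule_candidates(users, denied, min_requesters=2):
    """Step 3: denied rights requested by several members of the same role."""
    unique = {(u, right) for u, right in denied if u in users}  # drop repeats
    asked = Counter((users[u], right) for u, right in unique)
    return sorted(key for key, n in asked.items() if n >= min_requesters)

if __name__ == "__main__":
    for account, change in review_access(USERS, IDEAL_MODEL, CURRENT_RIGHTS).items():
        print(account, change)
    print("rule review:", rule_candidates(USERS, DENIED_REQUESTS))
```

Anything listed under "revoke" is access the ideal model does not justify for that role; a result from rule_candidates is a prompt for the department head to decide whether the model needs a new rule, not an automatic grant.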
Insider threats will always be a looming concern for your business, but AG can help you minimize and contain them. With a solution like Simeio, you can protect yourself from insider threats and automate the management of access certifications, segregation of duties enforcement, role management and identity proofing.
With almost 20 years of writing and editing under her belt – including CNN and HomeDepot.com content – Jayne is currently immersed in cybersecurity, #AI and infosec trends. She is the Editor in Chief of this blog and the Director of Content and Social for Simeio Solutions.