In fact, according to PwC’s Global State of Information Security Survey 2015, current and former employees are the most cited culprits of security breaches. Who can forget Edward Snowden, the famed whistleblower who leaked top-secret information about the NSA’s surveillance activities in 2013 and who, to date, still makes the headlines?
That is not all. The Sony breach of 2014 was one of the largest corporate data breaches in recent times with over 100 terabytes of private data stolen. Back in April 2014, AT&T reported a data breach that resulted in customers’ social security numbers and other sensitive data being compromised. The end result was a whopping $25 million fine. The recent attack on the adultery-themed dating site, Ashley Madison, has resulted in the personal data of millions of customers being published online, leaving the business in shambles.
The common thread between these hacks is the fact that they are suspected to be insider attacks.
These breaches are a stark reminder of why internal security is such a concern. While there is no foolproof way of controlling a malicious or disgruntled employee from accessing customer data, the best way to limit potential damage is to restrict access. This is where identity access management (IAM) comes into the picture.
Identity is the new perimeter
The rapid evolution of the business IT environment, coupled with disruptive trends like BYOD, cloud computing and mobility, has necessitated a way to effectively manage identity and access across the globe.
As the traditional security perimeter fades in this new world scenario, identity is becoming the key to filling these gaps. IAM places security on a different plane entirely with a proactive approach to monitoring and connecting every activity with a unique identity.
While there is no simple solution to IAM, there are some best practices that security professionals should keep in mind:
1. Maintain a centralized directory service: Admins should have full access to instantly view and modify access rights.
2. Create unique user accounts: Every employee must have a unique user ID and password. This ensures that all related activities can be tracked by their unique credentials.
3. Manage roles: Permissions are best managed within groups rather than assigned to individuals. This is a convenient approach that groups multiple users in one go and assigns or reassigns permissions based on their roles and responsibilities.
4. Implement automated workflows: These workflows enable managing access requests and approvals, with the option of multiple levels of review and approval.
5. Enforce a strong password policy: Strong password policies are the frontline of defense for confidential information and help protect resources against unauthorized login attempts.
6. Grant least privilege: Ideally, users should be granted the minimal amount of access required to perform their roles effectively. However, this is a difficult and contentious principle based on trust and requires all stakeholders to be involved prior to defining privilege access levels.
7. Use additional security for privileged users: You can enable multi-factor authentication for sensitive applications via one-time passcodes, SMS, voice calls, emails, etc. High-risk activities (e.g., root, admin) also need to be closely monitored and reviewed for suspicious activities.
8. Regular audits: All accounts should be audited regularly to track inactive users, privilege escalations and group memberships
9. Create lockouts and alerts on access violations: Report on suspicious access and authentication activities. Multiple login failures should be reviewed on a daily basis.
10. Adhere to compliance rules: Compliance minimizes the burden on the IT team while ensuring that regulations are met.
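As an added illustration (not code from the article), the sketch below shows how items 3, 7, 8 and 9 could be checked against a directory export and an authentication log. The record fields, group names, thresholds and sample data are all constructed assumptions.

```python
from collections import Counter
from datetime import date

# Constructed sample data (assumption): a directory export and one day's auth log.
TODAY = date(2015, 9, 3)
ACCOUNTS = [
    {"user": "asha", "groups": ["finance"], "direct_perms": [],
     "mfa": True, "last_login": date(2015, 9, 1)},
    {"user": "ravi", "groups": ["admins"], "direct_perms": [],
     "mfa": False, "last_login": date(2015, 9, 2)},
    {"user": "meera", "groups": ["hr"], "direct_perms": ["payroll:write"],
     "mfa": True, "last_login": date(2015, 8, 30)},
    {"user": "john", "groups": ["finance"], "direct_perms": [],
     "mfa": True, "last_login": date(2015, 3, 14)},
]
AUTH_LOG = [(TODAY, "asha", "fail")] * 3 + [(TODAY, "asha", "ok"),
                                            (TODAY, "ravi", "fail")]

# Assumed policy values; tune these to the organization's own policy.
PRIVILEGED_GROUPS = {"admins"}
INACTIVE_DAYS = 90
MAX_DAILY_FAILURES = 3


def audit(accounts, auth_log, today):
    """Return sorted (user, finding) pairs for the checklist items covered."""
    findings = []
    for acct in accounts:
        # Item 8: inactive accounts are candidates for disabling.
        if (today - acct["last_login"]).days > INACTIVE_DAYS:
            findings.append((acct["user"], "inactive"))
        # Item 7: privileged users must have multi-factor authentication.
        if PRIVILEGED_GROUPS & set(acct["groups"]) and not acct["mfa"]:
            findings.append((acct["user"], "privileged-without-mfa"))
        # Item 3: permissions should come from groups, not individual grants.
        if acct["direct_perms"]:
            findings.append((acct["user"], "direct-permission"))
    # Item 9: repeated login failures for one user within the day under review.
    failures = Counter((day, user) for day, user, outcome in auth_log
                       if outcome == "fail")
    for (day, user), count in failures.items():
        if day == today and count >= MAX_DAILY_FAILURES:
            findings.append((user, "repeated-login-failures"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit(ACCOUNTS, AUTH_LOG, TODAY):
        print(f"{user}: {finding}")
```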
Identity and access management can do away with the complexities of reviewing behavioral data while providing an effective platform for managing risks across the board. With IAM intelligence at your fingertips, it becomes easier to maintain constant vigilance and mitigate potential breaches early in the attack cycle.
The success of an IAM program depends on the interaction between processes, technology and people. Simply put, it requires the buy-in of key stakeholders across functions, and not just IT, to ensure that any IAM changes progress smoothly and with minimal disruptions. Done right, IAM has the ability to advance the overall organization’s security posture while ensuring that sensitive data stays secure. There is no better time to get started than now.
The author is CEO, infrastructure management services and security business, Happiest Minds Technologies