Light Dark
October 24, 2016 By Nick Oropall 2 min read
Identity & Access

Stay Out of the Headlines With Identity Governance and Intelligence

It seems not a day goes by without another news story about a major security breach. Incidents that garner significant media attention include cyberattacks from overseas fraudsters, hacktivist groups and domestic actors. These breaches paint an alluring picture of good versus evil, like a spy movie or something similar to what we would see on television.

Insider threats — which, according to IBM’s “2016 Cyber Security Intelligence Index,” are responsible for 60 percent of all security incidents — are just as problematic but often take a back seat in terms of mainstream media attention. After all, the visual of a criminal in a hooded sweatshirt hammering away at a keyboard is far more intriguing than that of a contractor who was accidentally given too much access.

A Matter of National Security

Keeping the bad guys out is critical, but we’ve recently seen countless examples of good guys — insiders — exploiting access to sensitive materials, intentionally or inadvertently. Authorities arrested a contractor for the National Security Agency (NSA) in August for stealing classified government information, for example. The information was considered top secret, meaning that it could, if disclosed, “cause exceptionally grave damage to the national security,” CNN reported.

Investigators haven’t yet determined the contractor’s motivation for stealing the documents, but we can all agree that even an accidental leak can be disastrous. It’s critical for security leaders to understand what each user has access to. They should grant employees levels of access sufficient to perform their jobs — nothing more.

Ensuring Proper Access

An effective identity governance and intelligence solution provides users with proper access from the start to the end of the user life cycle. It also ensures that all access is approved and recertified throughout the life cycle until properly deprovisioned.

The ability to identify potential risky access and risky users is paramount. An identity governance and intelligence solution that can analyze all user access and help to prioritize risk is a step in the right direction toward preventing insider threat attacks.

Download the white paper: How to design an IAM program

 

 |  |  |  | 
Nick Oropall
WW Market Segment Manager, IBM Security Identity Governance and Administration

More from Identity & Access
October 23, 2023

Taking the complexity out of identity solutions for hybrid environments

4 min read - For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to realize that this ultimate goal is a fantasy. Instead, businesses must learn how to consistently and effectively manage user identities across multiple IAM platforms and directories. As cloud migration and digital transformation accelerate at a dizzying pace, enterprises are left…

September 13, 2023

“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments

4 min read - Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still heavily relied upon. Today X-Force released the 2023 Cloud Threat Landscape Report, detailing common trends and top threats observed against cloud environments over the past…

August 1, 2023

Artificial intelligence threats in identity management

4 min read - The 2023 Identity Security Threat Landscape Report from CyberArk identified some valuable insights. 2,300 security professionals surveyed responded with some sobering figures: 68% are concerned about insider threats from employee layoffs and churn 99% expect some type of identity compromise driven by financial cutbacks, geopolitical factors, cloud applications and hybrid work environments 74% are concerned about confidential data loss through employees, ex-employees and third-party vendors. Additionally, many feel digital identity proliferation is on the rise and the attack surface is…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature