It comes as no surprise that the largest threat to corporate security originates from within the organisation. The impact of insider threats can damage relationships with key stakeholders including customers, inevitably resulting in loss of sensitive intellectual property and ultimately revenue.
The most alarming repercussion from such incidents is that in most cases the enterprise had a corporate security policy that was capable of avoiding the intrusion had processes been followed. When the incident is reviewed it is clear that a lot of the time the fault doesn't lie with the policy or processes themselves but with people, information systems budget, lack of resources and systems that permit discretionary configuration.
An organisation with many facilities, thousands of employees and partnerships with third-party contractors may find it extremely difficult to provision resources in line with corporate policy, given limited service desk resources and budgetary pressures due to the global financial crisis. It becomes a crucial role of the CIO to ensure that the organisation can cost-effectively streamline the provisioning of roles and responsibilities for all resources, and that each entity is accountable.
The largest security hole in the network is, by far, the user. Your business needs to efficiently provide access for extranet partners, suppliers or vendors to confidential information securely and seamlessly. An Identity and Access Management (IAM) solution allows businesses to mandate strict automated process control and build compartmentalised roles to deal with specific job requirements.
If a new user is introduced to the organisation, the accounts and privileges necessary to complete the job description can be rolled out across the enterprise automatically. The customisable provisioning or revoking of resources, along with self-serve portals that allow users to reset their own passwords, decreases the service desk overhead enormously. This means employees don't waste time requesting passwords, while service desk operators don't waste time resetting user accounts on multiple directory servers, application servers and workstations.
An employee may have many roles in an organisation, and it can be difficult to remove all access to the resources assigned to the user when they change positions or leave the organisation. In the case of a disgruntled employee, the time taken by the tedious task of removing access is a large enough window of opportunity to steal intellectual property, sensitive financial records or customer data.
The IAM solution allows an administrator to revoke all of the employee's access instantly with enterprise-wide lockouts. Least privilege can be applied to resources not only in policy but in enforcement, so that employees cannot make changes that breach security policy. If a process were to change in accordance with a new security standard or practice, the manager can easily sign off on the new workflow and implement the changes.
In earlier days, before hackers conducted sophisticated attacks, a person could simply take a dictionary list and brute-force password credentials because people used weak mnemonic practices to remember their passwords.
It still amazes me how many penetration tests we have conducted that reveal simple dictionary words and usernames for accounts with significant security privileges. This threat can be addressed by enforcing that all passwords across the enterprise conform to strict standards specified in the enterprise security policy.
Centralised management of the IAM solution allows administrators from different business units to export and review detailed usage reports. In several products this data can be exported to other reporting technologies for further review and analysis. This makes compliance reporting and tracking information disclosure painless because the IAM will track user accesses and activities within a business role. This provides evidence to auditors that processes are being enforced across the board and that users are not provided with access to unnecessary assets.
Today's economic climate may make the executive board a little nervous about investing in a successful IAM solution due to technology, training and human resource costs. Stigma regarding IAM has propagated throughout the industry because of solutions that failed due to a lack of resources to manage the project and administer the identity software.
An outsourced solution can provide the benefits of IAM without the huge initial cost of ownership. A managed service provider can supply experts to deploy, configure and maintain the infrastructure, while your organisation specifies and constructs policy and process models. This ensures you have a sophisticated low-cost solution with a high return on investment.
Identity management helps the business as a whole maintain strict, auditable control over employees, partners, customers and suppliers. It is an invaluable tool that automates many business processes to ensure the organisation is safe and secure.
The ability to aggregate and centralise management of time-consuming tasks decreases administrative overhead, enforces compliance, streamlines security processes and allows information security managers to have enormous control over their business.