It seems that every other day we hear of or read about a data breach. Yet it’s chiefly the big brands and other high-profile companies – or in the case of Ashley Madison, controversial ones – that get the most airtime. Imagine just how many incidents we don’t hear about. It’s estimated that on average there are more than four breaches per day, the vast majority of which never achieve notoriety.
With SMBs and large companies in the list of those exposed, it’s an undeniable fact that no company is safe. Last year there were at least 1,400 data loss events recorded, releasing over 169 million records. The common thread with all these data breaches? Someone inside the company did something they weren’t supposed to do.
Exposure points have evolved
As hackers become increasingly skilled at breaking through perimeter defences, new technologies are needed to help secure enterprises and their data silos. Just as we have evolved our thinking about how our employees work and access data, so too have we evolved our approaches to protecting against digital threats.
If this past year has shown us anything, however, it’s that network security alone is no longer sufficient. The perimeter that once held our information safe has been eroded. Instead of brute force attacks and SQL injections being the norm, intruders have begun to favour social engineering as the primary attack vector, allowing them to instigate a breach from within. Phishing emails and other means through which people inadvertently release information represent the greatest threats to companies today.
A billion points of exposure
Companies operate with multiple internal and external users entering their systems and accessing their data every day: employees, contractors, vendors and suppliers, partners and customers. Considering the sheer volume of users, applications and various levels of data access, it is easy to imagine an enterprise managing over a billion points of access. These points of access can easily become points of exposure. Out of those billion points of exposure, it only takes one to be compromised for an organisation to suffer damage worth millions.
This should mean that the security vector companies need to focus on is the human one, but it is one they seem to struggle to handle today. Whether intentionally or inadvertently, people cause a large portion of data breaches, and likewise are responsible for some of the largest breaches we have experienced. As hackers advance their strategies, more data breaches will occur from users doing something they weren’t supposed to do.
Identity is everything
With the inevitable occurrence of a data breach, the network perimeter disappearing and the ever-present risk from the human vector, organisations must adapt and secure their best asset and simultaneously their greatest threat: their identities. User identities “hold the keys to the kingdom,” and for an organisation to be safe, securing those identities is everything.
To do this, identity management must be at the core of an organisation’s security programme. Since identities are most likely to be targeted, securing them must be the top priority. By focusing on all the systems to which users connect, whether they are on-premises or in the cloud, security can be holistic. Only when IT departments have all the information can they make the right decisions.
The good news is that managing this complex network of users, systems and access is possible for IT departments with the right technologies. Those billion points of exposure are dynamic, constantly changing and extend beyond the physical walls of the enterprise to customers, partners, vendors and contractors. Therefore, organisations require a governance-based identity management solution, one that can holistically and automatically manage identities at granular levels.
By employing a governance-based approach to identity and access management (IAM), it becomes possible to know “who has access to what” for all users and the applications to which they have access as they move through the company during their lifecycle. By harnessing a user-centric approach and integrating all the systems (such as data governance, network security and user behaviour analysis) into the IAM platform, IT gains visibility into the entire security ecosystem. Only then can the organisation truly put identity at the core of its security and protect its most crucial information.