Insider breaches…outsider breaches…breaches are breaches. Both can be serious, and both can be prevented. However, one of these breaches falls back on a company’s leadership and management as a serious breach in trust.
The insider breach is almost more serious in its threat because employees may feel betrayed by their own organization for not being vigilant and taking steps to ensure that former employees are locked out of any system they had access to. And of course, companies prefer to keep the unsettling news quiet because of how unsettled insiders in the organization and outsiders could become. (When Target was breached a few years ago, even though I did not have a Target card that could have been breached, it took me years as an outsider to go back to shopping at Target.)
So, this week we hear that Coca-Cola had a data breach by a former employee. And we hear that SunTrust Bank had a data breach by a former employee. And these are the ones we hear about. How many more are being kept under wraps for obvious PR reasons?
The ability to expose any information about a company comes from access. To be secure, and to know that access is appropriate, a company must know who has access to what and check on that access periodically with a secure way of checking.
- How much information does an employee need to do the job they are assigned to?
- How many accesses does an employee have when reassigned…what has been retained but is not needed in the new role?
- How efficient is the system at shutting down those accesses when an employee leaves?
At ILANTUS Technologies, we hear many stories about companies that understand the seriousness of access but may not take access review seriously enough. Accesses are assigned but then reviewed manually. And here comes the problem with manual review…unintentional mistakes which lead to audit failures.
Risks are inherent in user access simply because people, whether access holders or access reviewers, can be vindictive or can make mistakes. The access reviewers have to have a process that is risk-free and efficient to ensure each employee has the proper freedom of access to the company and that the company is not at risk because of those accesses.
Many companies look at the automated process as expensive. Expensive compared to what? Expensive as compared to the salary of the manual reviewers. We meet with people who tell us that they don’t want to pay any more than what they currently pay. But how much do those manual reviewers cost the company when mistakes are made, be they unintentional or intentional?
According to Bill Gates:
“The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency.”
Automation does incur cost. However, the ROI is accuracy, efficiency and security. It also requires a mindset shift. How much more of a mindset shift do you need to prevent your company from hitting the front page in the “Today’s Data Breach Report” section?
There is no doubt that user access reviews can protect a company’s greatest asset…its information. Is that worth the risk a manual process can pose, or is that worth the determination to find an automated security system that keeps the data doors locked tight because proper accesses are keyed into the security system?
At ILANTUS, we know companies need to engage in secure access management. We’ve been in the Identity and Access Management domain since its inception and have never branched away from this core. We take this seriously. Let us show you how that translates into a system that will work for your company.