Guarding against insider threats

A security breach from within an organization could be due to malicious, intentional behaviour — perhaps a disgruntled employee or someone who wishes to experiment on the corporate network (think of the Office Space plan to plant a virus into the Initech account system). Or it could be a case of accidental misuse, caused by a lost USB key, a computer left behind or an employee who simply clicks on the wrong thing and deletes a user ID. In the movies, cyber-attacks are dramatized through remote access credential caching where someone has a sneaky back door, but in real life, weak administrative passwords and default hidden administrative user accounts were identified as 95 per cent of the root cause of these attacks, according to recent industry research.

Regardless of the root cause, the impact in either scenario can be detrimental to business-critical functions or sensitive customer data. The story of an employee accidently taking an entire corporate network offline with a few wrong clicks of the mouse isn’t a fable. Without the right level of security in a virtualized environment, where critical business applications are stored in data centres and cloud environments beyond traditional IT walls, it’s entirely possible that an employee could access critical hosts and guest operating environments without an IT manager even realizing it until it’s too late. According to industry analyst data, trusted insiders cause more than 40 per cent of security breaches.

These threats have only multiplied as more employees use their own smartphones, tablets and other non-traditional devices to access information via the cloud, sometimes on public, unsecure Wi-Fi networks. All of these “bring your own” devices provide yet another access point for a company’s data and applications – on devices that the IT department doesn’t own or directly manage but often trusts implicitly. This further highlights the need for security checks and balances at the infrastructure level to better control what’s being done. The same could be said for outsourced cloud services – just because information is stored remotely doesn’t mitigate the need to increase transparency and reduce risks. Think of it like a security system for your IT network – with the right solution in place, it’s possible to control who has access to critical applications and monitor how these applications are accessed, setting alerts if an unauthorized person or device tries to access the application.

Managing privileges vs. restricting access

Today’s data centre requires extensive visibility across an ever-expanding set of service, device and application resources. A privileged identity management solution enables the IT department to manage administrator passwords, report on user activities and establish fine-grained segregation of duties across the enterprise to control access to data and applications on the network, whether it’s stored locally or remotely in the cloud.

An identity management solution also provides a mechanism to regulate and audit access to critical services, devices and applications consistently across all platforms, allowing managers to report on server access policies and meet regulatory requirements. This is not only important when it comes to regulating access and security, but also when it comes to IT planning. These reports provide IT managers with an overview of how information is being accessed within the organization, a valuable tool when it comes to identifying the evolution of IT services and how to best spend innovation dollars to keep up with employee expectations.

Centralized management additionally assists the IT department with ongoing pressures to reduce administrative costs. Rather than having to monitor costs manually – something that’s no longer feasible as more applications and data moves online and into the cloud – IT managers can control access remotely and set up automatic alerts when access is breached. This tool is especially helpful for IT departments that are tasked with managing multiple device platforms across several office or branch locations.

But like Goldilocks needed to find the right chair, an identity access management solution has to be just right to really work for any organization. Managing privilege successfully is not as much about imputing controls and restricting access – as an IT manager could do this fairly easily without an identity management solution – it’s about balancing security with the right level of access to ensure employees are still able to do their jobs. To be successful, organizations must first fully understand what the internal risks are, remembering that data is not inherently more or less secure from unauthorized access whether it’s stored on a company’s internal network or a hosting company’s data centre.

It’s also important to understand the workforce and their expectations when it comes to IT. Will they need to be able to access information and applications from remote locations or on mobile devices? Would your workforce be burdened by having to go through a multiple log-in process? The type of data employees are accessing may also impact the type of solution chosen to ensure regulatory requirements are met. A stronger identification policy could be as easy as adding a stronger form of authentication to get access to a specific application, or it could be as complex as setting up real-time, risk-based scoring in making identification and authorization decisions.

Guarding against insider threats is a must for every organization, regardless of how or where your information is stored. Setting up a few additional solutions behind-the-scenes can go a long way in making sure organizational data and business-critical applications stay safe.

Tarun Khandelwal is a Senior Solution Strategist for Security Solutions with CA Technologies in Canada.