IAM helps fight the insider threat

The past few years have seen a flood of breaches and hacks littering the headlines around the world. While a big fuss has been made about cyber-security in the wake of these events, there has been little noise about security within the business.

The insider threat should never be underestimated, says Simon Campbell-Young, CEO of First for Phoenix. “Current and former employees are more often than not the culprits when it comes to security breaches. This is not to say only malicious, deliberate insiders, but accidental and careless ones too,” he says.

“Think Sony in 2014, which was cited as one of the biggest corporate data breaches in history. Think Target. Think Ashley Madison that had guilty husbands around the world tossing and turning at night. That incident left the business in tatters. AT&T too suffered a breach that saw sensitive customer data being leaked, and resulted in a massive $25 million fine. This shows that consequences can be financial as well as reputational.”

What links these attacks is that they are all suspected to have resulted from insider malice or negligence. These breaches are a wake-up call regarding internal security. While there is no silver bullet that can prevent a dissatisfied staff member from sharing sensitive customer information, the best way to limit the potential fallout is to restrict access to this sort of data. This is where investments in identity access management (IAM) tools come into the picture.

According to Campbell-Young, identity is the new perimeter. We need to remember that trends such as BYO, cloud, social media and mobility have driven the need to effectively manage identity and access from way beyond the company walls. “Traditional security perimeters are no more. The business environment has evolved, and with it, security must evolve too. As the perimeter dissolves, identity becomes key to filling this gap, as IAM removes the need for fixed perimeter controls, as it monitors and connects each activity with a unique identity.”

He offers some tips for effective IAM that security practitioners should bear in mind when adopting it. “Ensure a centralised directory is put in place. Those with admin access must be able to access this instantly, to view and modify access rights as and when needed. Also, create unique user accounts, so that every staff member has their unique ID and password. In this way, specific users can be traced via their credentials.”

He adds that automated workflows are also useful, as they enable access requests and approvals to be managed with the option of several different levels of review and approval. “Have and enforce a strong password policy. Passwords are core to defence and the protection of sensitive information. They also help prevent unauthorised access of this data,” he says.

“I cannot stress enough how important it is to enforce the principle of least privilege. No-one should have access to any data other than data that is strictly needed for them to do their jobs. Grant users the very minimum amount of access needed to accomplish their tasks and be effective within their roles.”

Further to this point, privileged users should have additional security controls placed on them. For example, multi-factor authentication can be useful. Campbell-Young explains that a perfect combination would be something you need to remember, such as a password; something that you carry with you, such as a fingerprint; and something that is sent to you, for example a token or password that is emailed or SMSed to you.

“In addition, monitor high-risk activities, such as root access and admin access, extra thoroughly. In this way, any anomalous or suspicious activity can be immediately identified. Following on from this, create lockouts and alerts on any access violations, such as suspicious access and authentication activities. Check for multiple login failures, and review these at least every day. Also, conduct regular audits, to keep a handle on groups, inactive users and privilege escalations. Finally, maintain any compliance requirements. Doing this will help the IT department out, and prevent the business from falling foul of any industry regulations.”

He adds that IAM tools can help with a lot of these different points, and the success of any IAM initiative needs co-operation between processes, people and technology. “IAM can help simplify the reviewing and analysing of behavioural information, while giving the business a solid platform for managing the various risks faced by entities today. It helps to maintain strong vigilance, and to prevent threats that can be identified, and to mitigate those that might have wormed their way into the network,” Campbell-Young concludes.