Call it the Data Breach Disconnect. A recent survey of IT security executives conducted by Courion®, a market-leading provider of intelligent identity and access management (IAM) solutions, reveals that while IT security executives understand the risk factors that lead to a data breach, their own organisations’ may not be able to effectively remediate those access risks.
For example, 72 percent were certain their organisation enforces a “least privilege” policy where employees only have access to what is needed to perform their daily duties, but 43 percent admit their organisation is unaware when access privileges are increased or when access behaviour departs from the norm. And an overwhelming majority, or 97 percent, acknowledge that misused or stolen access credentials provide a network entry point for hackers, but only 29 percent are confident that their organisation is able to detect improper access.
“IT security executives are under tremendous pressure to provide open access to stakeholders while at the same time controlling access risks in the face of constant attacks,” said Kurt Johnson, Vice President of Corporate Strategy for Courion. “Beyond perimeter defence, effective identity and access management is the answer to minimising the likelihood or impact of a data breach, and IAM is made much easier with the diagnostic capabilities of identity analytics and intelligence.”
Evidence of the need for a more intelligent approach to IAM is demonstrated by the fact that 43 percent of respondents know someone whose organisation has suffered a data breach in the last six months, and 84 percent agree that it is not whether your organisation will be breached, but rather, what you are able to do to reduce the damage of a breach.
With an identity and access intelligence solution, like Access Insight™, organisations can quickly and easily uncover access vulnerabilities, such as excess privileged access, users with entitlements gained through nested and inherited access rights, or orphaned accounts that need administrative oversight. Access Insight can be used with any leading Identity Governance and Administration (IGA) solution to reduce access risk and improve ongoing IAM operations.
