Blog article
See all stories »

While Not the Enemy, Mobility Highlights the Need for Access Control

One of the benefits we’ve seen rise out of the very public and high-profile data breaches featured in the news recently is a certain level of awareness around cyber-security. Organisations of every size are waking up to the importance of implementing a considered and thorough security strategy, and are proactively taking a closer look at how they store their data and who has access to it.

GCHQ recently published their guide on corporate network security, offering advice to organisations on how they can go about protecting themselves in cyberspace. The report particularly highlights the threats posed by employees, and calls for an end to bring your own devices (BYOD) in the office.

However, increasing mobility within the IT infrastructure is something we can’t stop, and we’ve reached a point with mobile working practices that we can’t go back from. It seems, therefore, that the government’s advice on bringing an end to BYOD will fall on deaf ears, as employees now routinely expect this level of flexibility.

Despite this, I believe the sentiment behind the official recommendations represents a necessary and positive step towards thwarting the rising threat of data breaches. As opposed to abandoning BYOD altogether, organisations should be turning their attention to managing this mobile trend by implementing appropriate strategies designed to manage the risk.

Aside from warning against the risk of mobility among employees, GCHQ’s document also cites managing user privileges as one of the top threats for companies with regards to cyber security – an element of security that I too believe is widely overlooked. More than half of security breaches are said to be caused by current or former employees, and of those cases, most cite privilege abuse as the central cause. This is a security issue that can most effectively be addressed through improved access controls and Identity Analytics and Intelligence (IAI) solutions.

Improving access controls is a smart addition to any organisation’s security equation, but it is often overlooked as an effective risk deterrent. Consider the following – in a large organisation, there are thousands of employees, suppliers and hundreds of data servers and applications scattered across multiple on-premise and cloud environments. This complexity creates millions of access points that can potentially expose an organisation to security risks. By having complete transparency into access privileges, businesses can ensure that only the right people can access certain resources, for only the right reasons. 

Identity Governance & Administration solutions that are equipped with identity analytics capabilities allow organisations to monitor how sensitive data is being accessed and used within the organisation. Real time access intelligence systems are able to monitor and analyse multiple access risk factors as they are changing. Translating this real time data into visual representations of access risk is key to understanding where the greatest security vulnerabilities lie and what is causing them. There may be no going back now for mobile working practices – but there’s certainly a way forward for managing the possible risks.



Comments: (0)