How many times have we heard a news story where a user unintentionally exposed their credentials, causing a data breach? Sometimes it’s a social engineering attack (hi, I’m from the help desk and we need your password…), a phishing attack (click here for a free month of movies…), or just negligence on the part of users (I left my smartphone in the taxi – should I have told IT about that?).
Even worse are the users who maliciously abuse their privileges for their own personal gain, either by selling them to a criminal or participating in theft themselves.
Users are the weakest link in security, which is why identity and access management (IAM) has become such an important security tool. While IAM has traditionally been implemented as a means of making business users’ lives easier, make no mistake – it is a security control as well.
But IAM has evolved. Identity governance has joined IAM to form what Gartner calls Identity Governance and Administration (IGA). Identity Governance promises to reduce the number of credentials through regular reviews of access by business managers, effectively reducing the attack surface of privileges to only what is necessary.
The problem is that the reality of IGA falls far short of that promise in most organizations.
I’ll be presenting the top 10 ways that users expose organizations to data loss at the Gartner IAM Summit at Caesars Palace in Las Vegas on Wednesday, November 30th at 10:15am. This session explores real-world examples of malicious and negligent users that will leave you shaking your head.
In response, I’ll show you how to implement best practices for preventive, detective and corrective controls in Identity Governance and Administration (IGA) to address the risks that user access presents. This session also provides self-evaluation questions for your IGA program in each of the three control areas.
Hope you can join us for the session.