The looming threat of redundancies resulting from the recession has highlighted a surge of high-profile internal data thefts. Both in the UK and overseas, the media has regularly reported instances of inappropriate access to sensitive company data. For example, in the US, at the California Water Services Company, an auditor resigned, but illegally accessed computer systems to steal more than $9 million before leaving. These cases, whilst ethically unjust, also highlight data protection concerns. If organisations do not have visibility over who is accessing confidential data, they risk losing not only their critical data, but also their reputations, and as a result, their customers. Unfortunately, this is just one saga in an ever-growing litany of tales of breaches that we've been hearing about.
Symantec's research with the Ponemon Institute has in fact suggested that 59 percent of ex-employees have admitted to stealing confidential company information, such as customer contact lists. This outstandingly high number encourages us to consider how such thefts and security risks can be prevented moving forward. Did all of these employees really need access to such valuable data? If not, senior executives should be addressing their access management policies, and ensuring that they have visibility over what data is being accessed, by whom, and why. Without this control, businesses leave themselves at risk from existing staff, staff that may be made redundant soon, or staff that have previously been part of the organisation. In order to protect themselves, organisations can use basic security access tools such as the coupling of Strong Authentication and Single Sign-On (SSO), which authenticates and then tracks each user's access. This will allow managers to have visibility over access across their organisation, preventing inappropriate access from occurring.
Astonishingly, however, it is not uncommon for an employee to continue to have access to business applications even after the employment has been terminated. Many organisations simply neglect to close down access, and consequently user identities are left open and vulnerable for an unjustifiably long period of time. As organisations are looking to host more and more of their applications through web-based systems, they may not even know that the employee may still have access rights to some applications. All this time, the ex-employee will be able to access sensitive and competitively valuable information. This unnecessary risk exposes businesses to tangible damage, which can be easily avoided by the speedy deactivation of the user's access.
In order to avoid such mistakes, businesses should ensure full visibility over access records, employee access rights, and accounts that need to be removed. Deactivating orphaned account access is a critical first step towards comprehensive enterprise security. It is crucial that businesses can track which employees have access to specific systems, and when employees leave, that they are able to quickly deactivate access. Without this fundamental level of access management, businesses are unable to maintain basic control over their most valuable business asset: their company's data.
Whilst locking down accounts is a critical step to take following any termination of contract, it is equally important to efficiently manage access during employment. When setting access levels for existing employees, it is crucial to allow users access to the information required to perform their job function, but at the least level of access possible. By fully tracking these privilege levels with tools such as SSO, senior executives can take steps to ensure access issues are not overlooked, and control over who may be accessing what and when is maintained.
Setting basic access control is simple. It is advisable to start by getting a handle on which users need access to what information. By first analysing what access users require to do their jobs, reasonable boundaries can be defined for access outside those defined roles. Enforcing these access rights is not as complex as it may sound. Technology such as Single Sign-On makes it quick and easy to enrol users and assign access rights, whilst using strong authentication such as biometrics can ensure that the right person is accessing the data they are authorised to see, thereby protecting sensitive data. In today's market, keeping this information is more important than ever, not only for compliance and peace of mind, but also to protect the two key Rs: Revenue and Reputation.
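The two checks the article calls for, spotting leavers whose accounts are still enabled and spotting users holding more access than their role needs, can be run as one reconciliation of the HR roster and role baselines against an access export from the SSO system. The following Python is an added example, not code from the article; every name, role, system, entitlement and date in it is constructed.

```python
from datetime import date

# Constructed sample data (hypothetical names, roles and systems), standing in
# for an HR roster and an access export from the organisation's SSO system.
HR_ROSTER = {
    "alice": {"role": "auditor", "terminated": None},
    "bob":   {"role": "sales",   "terminated": date(2009, 3, 31)},
    "carol": {"role": "sales",   "terminated": None},
}
# Least-privilege baseline: the entitlements each job role legitimately needs.
ROLE_ENTITLEMENTS = {
    "auditor": {"finance-app:read"},
    "sales":   {"crm:read", "crm:write"},
}
# Entitlements currently granted per user across the web-based applications.
APP_ACCOUNTS = {
    "alice": {"finance-app:read", "finance-app:approve"},  # beyond her role
    "bob":   {"crm:read"},                                  # left a month ago
    "carol": {"crm:read", "crm:write"},                     # matches role
    "dave":  {"crm:read"},                                  # no HR record
}
REVIEW_DATE = date(2009, 5, 1)  # constructed date on which the review runs


def review_access(roster, role_entitlements, accounts, today):
    """Reconcile granted access against HR status and role baselines.
    Returns (orphaned, excess): orphaned = [(user, reason, days_since_leaving)],
    excess = [(user, role, sorted_extra_entitlements)]."""
    orphaned, excess = [], []
    for user, grants in sorted(accounts.items()):
        record = roster.get(user)
        if record is None:                       # account with no HR owner
            orphaned.append((user, "not in HR roster", None))
            continue
        if record["terminated"] is not None:     # leaver still enabled
            days = (today - record["terminated"]).days
            orphaned.append((user, "terminated", days))
            continue
        extra = grants - role_entitlements.get(record["role"], set())
        if extra:                                # more than the role needs
            excess.append((user, record["role"], sorted(extra)))
    return orphaned, excess


if __name__ == "__main__":
    orphaned, excess = review_access(HR_ROSTER, ROLE_ENTITLEMENTS, APP_ACCOUNTS, REVIEW_DATE)
    for user, reason, days in orphaned:
        print(f"DEACTIVATE {user}: {reason}" + (f" {days} days ago" if days is not None else ""))
    for user, role, extra in excess:
        print(f"REVIEW {user} ({role}): excess entitlements {extra}")
```

Run against a real roster and export, the "DEACTIVATE" lines are the orphaned accounts to close immediately and the "REVIEW" lines are the privilege levels to bring back down to what the role requires.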