Identity and access management solutions can mitigate insider threats
Melissa Stevens 270005B76W MELISSAS@US.IBM.COM | | Tags:  security threat-protection identity-access-managemen... insider-threat iam ibm-security
0 Comments | 4,496 Visits
This post is courtesy of Ronnie Shelley, IAM Segment Manager for IBM Security.
Here’s a quick survey for you. What threat do you consider the greatest security risk to your organization’s data? Botnets? Malware? Would you believe your own employees? According to an April 2012 PriceWaterhouse study, eight out of 10 enterprise data breaches are caused by employee errors. The study points out that several worker-related factors, including employee ignorance, the burgeoning use of personal mobile devices in corporate settings, and successful phishing attacks can cause security breakdowns in any organization. Attackers are looking for the weak links, hoping to exploit user interactions across all security domains, including cloud and mobile.
Is employee negligence the greatest "insider" threat?
While it’s tempting to blame most insider security breaches on the disgruntled employee bent on stealing data or creating havoc, the truth is often much simpler. Insider negligence, rather than malicious behavior, is often the culprit. Careless insiders can jeopardize your data security by mismanaging passwords, opening an infected document, forgetting to log off a shared workstation, or failing to encrypt their mobile devices.
Protecting data is no longer just a matter of regulatory compliance – it’s become a business imperative. An IBM/Ponemon study of C-level executives identifies negligent insiders as the #1 greatest risk to sensitive data. In the study, those surveyed consider data breaches to be the top risk to their corporate reputations.
The "people" side of security
With insider incidents on the rise, and their corporate reputation at stake, organizations are taking a closer look at the “people” side of security. The business challenge is clear; insiders must be managed but not hampered from performing their necessary work, wherever they are located. Identity and access management solutions (IAM) can help enterprises protect sensitive assets from inappropriate access and demonstrate compliance with security regulations, while still providing employees, partners, and consumers with ready access to the information they need, even in cloud and mobile environments.
Even though IAM products have been around for over a decade, their functionality is keeping step with the latest security demands. Today’s IAM solutions offer a lot more than just user provisioning, single sign on and password management. They can provide role based user entitlements, safeguard user access to cloud/virtualized environments, and protect online transactions in web, cloud or mobile environments. For example, IBM Security IAM solutions can help secure shared accounts used by privileged users, provide single sign-on and strong authentication to the virtual desktop, ensure compliance with regulations, and enable secure business collaboration in the cloud and on the mainframe. These products draw on the strengths of other products in the IBM Security portfolio to help our clients cope with today’s advanced security threats.
Identity and Access Management is key
In summary, whether you’re trying to protect corporate data stored in the cloud, rein in application use in mobile environments, or prevent embarrassing security leaks, identity and access management solutions offer the tangible, operational benefits of improved user productivity while also reducing the risk of security breaches. Don’t let your trusted insiders ruin your day. Download this white paper to learn more about how IBM IAM solutions can help improve security and control access to protected resources.