What do you think poses the biggest insider risk in your business? There’s no doubt that the Snowden case has highlighted the danger posed, particularly by those users with elevated privileges and access to sensitive and valuable data.
Analyst firm KuppingerCole, who specialise in identity and access management say that, “In practice there is rarely a user life-cycle management for privileged users in place and the danger of password leaks when internal admins leave the organisation or the contract period of an external admin comes to an end has to be considered high.”
So organisations are being challenged to do a better job of minimizing the risk posed by user access, but recent comments by Gartner research director Felix Gaehtgens has questioned the approach many businesses are taking to Identity and Access management, “History is full of failed IAM projects. We believe the key to success is to simplify the approach.”
Gaehtgens believes that many of these kinds of projects bite off more than they can chew and often end up achieving very little in an attempt to solve too many problems at the same time.
“Rather, organisations should prioritise by identifying the low-hanging fruit and address all the things that should be done before implementation and will make their IAM project more manageable,” said Gaehtgens.
Managing, controlling and monitoring privileged users is not only classed as “low-hanging fruit” but also addresses some of the key challenges around identity and access management.