Managing Your Internal Security Threats

October 11, 2009 by ADMIN

Coby Royer, Technical Product Manager for Symplified

I’d like to applaud some of the recent points raised by Richard Stiennon in his post, “Identifying and Countering the Insider Threat”, which resonated with me.

For a long time I have been repeating my concerns to enterprises about managing the internal threat.

And with the recent economic downturn, layoffs and other sources of employee dissatisfaction are increasing the risks from internal threats.

The web is full of stats and case studies if you want to read more.

The fact is, corporate management must pay attention to the insider threat and implement policies and controls to manage it.

What to Do?

The one message I’d like to leave our readers with is well stated in Stiennon’s article: “Identity and Access Management tools are the single most valuable defense you have against the insider threat.”

Authentication

Employ authentication strength that is commensurate with risk and which complies with applicable rules and regulations.

Whether this means passwords or multi-factor authentication (MFA) such as biometrics or smartcards, be sure to invest in appropriate technologies and train your user base on the tools and the policy.

Provisioning

Be sure your processes and tools for the creation, removal, and management of accounts do not leave you exposed.

Entitlements and accounts for former employees must be revoked as quickly as possible. Use approval and/or attestation workflows and role-based access control (RBAC) wherever possible.

And do not forget about privileged account management: “You cannot begin to get control over privileged accounts, IT administrators, or even software licensing costs until you enable an effective Identity and Access Management solution.”

RBAC

Defining and enforcing roles is a huge topic. Although simple in theory, assigning roles to people and then setting access control according to role is non-trivial.

Bruce Schneier has some great info in his latest newsletter, “Real World Access Control.”

What may seem easy at first is complicated by poorly defined roles, constant role churn, multiple roles, and the pragmatic fact that under-entitling employees incurs productivity costs.

I like Stiennon’s suggestions to keep it simple, start by defining groups for each function in the organization, and include tools for review of exceptions; as he puts it, “granular control over what people do on your networks and a means to enforce the policies that regulation and security best practices require.”

Compliance and Reporting

Regular review of audit logs, to see who has accessed what, is important. Monitoring and logging are essential to understanding risk and detecting malicious activity.
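As an added illustration (not from the original post), a small Python check that ties the provisioning and audit-log points together: it compares a constructed HR roster and directory state against constructed access-log lines, flagging former employees' accounts still enabled past a grace period and any use of those accounts after the leaving date. The user names, the log format and the one-day grace period are assumptions.

```python
"""Constructed example: detect orphaned accounts and post-termination access.
All roster, directory and log data below is made up for the illustration."""
from datetime import date, datetime

# Constructed HR roster: user -> date the person left (None = still employed)
HR_ROSTER = {
    "alice": None,
    "bob": date(2009, 9, 30),
    "carol": date(2009, 10, 2),
}

# Constructed directory state: user -> account still enabled?
DIRECTORY = {"alice": True, "bob": True, "carol": False}

# Constructed access log lines: "<ISO timestamp> <user> <resource> <result>"
ACCESS_LOG = """\
2009-10-01T08:15:00 alice payroll-app ALLOW
2009-10-01T22:40:00 bob payroll-app ALLOW
2009-10-03T09:05:00 carol crm-app DENY
2009-10-05T11:20:00 bob source-repo ALLOW
"""


def parse_log(text):
    """Parse the assumed four-field log format into (datetime, user, resource, result)."""
    events = []
    for line in text.splitlines():
        ts, user, resource, result = line.split()
        events.append((datetime.fromisoformat(ts), user, resource, result))
    return events


def orphaned_accounts(roster, directory, today_iso, grace_days=1):
    """Former employees whose account is still enabled more than grace_days after leaving."""
    today = date.fromisoformat(today_iso)
    return sorted(user for user, left in roster.items()
                  if left and directory.get(user) and (today - left).days > grace_days)


def post_termination_access(events, roster):
    """Log events where a former employee's account was used after the leaving date.
    Denied attempts are reported too: a login attempt on a disabled account is itself a signal."""
    hits = []
    for ts, user, resource, result in events:
        left = roster.get(user)
        if left and ts.date() > left:
            hits.append((ts.isoformat(), user, resource, result))
    return hits


if __name__ == "__main__":
    print("orphaned:", orphaned_accounts(HR_ROSTER, DIRECTORY, "2009-10-11"))
    for hit in post_termination_access(parse_log(ACCESS_LOG), HR_ROSTER):
        print("post-termination access:", hit)
```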

Enter the Cloud

Of course, all the above take on new challenges once we leave the corporate four walls.

Technologies that extend the span of authentication and access control to SaaS apps are indispensable. Simply because an app is SaaS does not make it immune to regulatory needs.

What Now?

Listen to the experts! Employ processes and tools that manage the insider threat. Look at the facts: this threat is real.

And all organizations have these risks. And of course, build your single most valuable defense: IAM.

Coby Royer has over 20 years of technology experience in software and security startups, consulting, and large enterprises. He has served in software development, enterprise architecture, and management roles, in lines of business that include Internet security, commercial software, financial services, consumer goods, e-commerce, and expert systems. He holds a number of patents in security and e-commerce. Coby serves as Technical Product Manager at Symplified, Inc.

Symplified, Inc. is a unified access management system purpose-built for the cloud architectures of SaaS. Symplified integrates your existing IT infrastructure with the cloud, streamlining management, reducing costs and improving security. Symplified was designed to address your on-premise access management needs as well. Build secure portals with personalized access for your workforce, customers and partners. Symplified offers a complete, enterprise-class Web Access Management (WAM) infrastructure that rivals the capabilities of expensive, first-generation products but without the frustrations and limitations of heavy monolithic software.

Complimentary Whitepaper:

How SaaS Cuts The High Costs of Web Access and SSO By 80% with On Demand Identity

This whitepaper explains:

  • How identity services eliminate all capital outlays for hardware, software and infrastructure, as well as the expenses of support and staffing
  • How reducing training and integration costs cuts identity lifecycle costs by more than 80% compared with enterprise identity software

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com



Filed under: Breach, Cloud computing, Coby Royer, D&O Liability, FEATURE ARTICLE, Financial, Sarbanes-Oxley, Symplified, Uncategorized, due diligence, hackers, malware, virtualization 
