[BreachExchange] Data Security, the Biggest Problem for Enterprise

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 30 19:41:27 EDT 2017


Enterprise organizational leaders worry about growth, sales and profits,
but should they not be equally concerned about security? Of course. While
there are many factors contributing to the success of an organization, one
of the threats are security risks, that if arise, can effect an enterprise
more than even a period of low sales or decreased growth rate.

Even small breaches can cost your organization a great deal of money and
negativity, and these security breaches can happen in several different
ways. The most obvious breach is from an outsider — a hacker gaining access
to your network. Another possibility is an employee breach, either
willingly or unwillingly. This is why it is vital to have proper security
and access management measures in place.

Your employees can gain too much access, from the beginning of their
employment when their account is created or accumulated access rights can
be over time as they are provided access for a certain project and it is
never revoked. Additionally, one of the most common security issues you
will see (or you have likely experienced) is an ex-employee that has been
left active on the company network after their departure.

Many enterprise organizational IT leaders often do not focus on internal
security as much as other potential areas of growth for their company so
the best way to ensure that security issues do not have a huge impact on
your organization and your team is to put measures in place to secure
against several weak points. By putting in some automation efforts, you can
maintain your focus on the bigger dollar, resource-intensive areas of the
business while reducing the need you to focus over there, where the less
intensive but also important resources efforts remain.

Perhaps you’ve thought of doing so in the past, but it you are struggling
with this issue, automated account governance technology can simplify your
access processes and, therefore, help you prevent against an internal
security breach. This makes the task of granting and removing access
simple, ensuring that it is done correctly. I assure you.

Likewise, role-based access control technology can create a map for you
that leads to correct rights assigned to the correct individuals. No need
to fret over this detail – the creation of a matrix — your access
governance technology can automatically read the role-based access control
rules map and knows exactly which authorizations must be assigned to the
holder of each account. With role-based access control, organizations can
easily generate a report of access rights to have a clear overview of
everyone’s rights in the company. They can then correct any errors for
existing employee’s access rights based on the norm.

Access governance also automatically corrects any inappropriate access and
revokes the rights of employees no longer with the enterprise or have a
different title or work in a different department. It is ensured that a
contractor or ex-employee that leaves the organization can no longer access
any resources. A department manager can then disable access from one place
in employee’s profile in the source system, and all access is immediately
revoked. Security issues are probably the biggest threat to enterprise
organization. This is why they should place as much energy on ensuring
security as they do on profits and growth. By ensuring that the proper
security measures are in place, organizational leaders can rest assured
that a security breach will not be a huge detriment to the enterprise.

Unfortunately, leaders tend not to focus on security measures until a
breach occurs and then it is too late. When data breaches occur this can
have a major impact on profits and the image of the company. First, you
need to conduct a major damage control campaign to address the issue, and
you’ll likely spend more on resources repairing your credibility and
reputation with the public. Thus, put security measures in place from the
start. It can be less expensive in the long run.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170530/96e5e891/attachment.html>

More information about the BreachExchange mailing list