Effective Ways to Bolster Enterprise Security
Anyone who has been paying close attention to the information security landscape — and for that matter anyone who follows the news — knows that big-time data breaches have become fairly frequent occurrences.
During the past year or so, we have seen major attacks against companies such as Target, Sony Pictures Entertainment, Home Depot and Anthem. These intrusions have left millions of records, including sensitive customer and employee information, exposed to cyber criminals.
The high-profile incidents should serve as wake-up calls for organizations in all industries and of all sizes that attacks can happen to anyone at any time, and that they need to step up their security programs in order to avoid experiencing such intrusions or at least minimize the damage if one occurs.
Despite all the efforts of recent years to protect the perimeters of organizations, hackers and other attackers still manage to gain access to systems and critical business data. As discouraging and worrisome as these attacks might be, this is no time for companies to throw in the towel with regard to security. In fact, it’s vital that security and IT executives get a better handle on protecting corporate data.
Manage the end-to-end identity lifecycle effortlessly.
Among the key elements of providing a strong defense going forward are effectively managing users’ identities to control access to critical business information and applications, and managing user passwords. Technologies are available to help organizations enhance identity and password management.
One example is IBM’s Security Identity Manager (PIM), which is designed to enable companies to drive effective identity management and governance across the enterprise.
With PIM, companies can automate the creation, modification, recertification and termination of user privileges throughout the user lifecycle, through the use of roles, accounts and access permissions.
Empower users with self-service security.
An embedded role lifecycle management component streamlines the role structure approval process and reduces errors when validating user access rights.
Organizations can increase efficiency and cut administration costs through centralized user self-service, automated approvals processing, role mining and password management; simplify the design, implementation and validation of role and access structure across the organization; manage and prevent policy conflicts through separation-of-duty checking and enforcement; and improve governance and security through recertification of user entitlements.
The product features Web self-service for managing business roles, accounts, group membership and passwords. A set of controls enhances security, including preventive separation of duties and closed-loop reconciliation that detects and corrects changes to native target systems.
Access rights recertification features provide granular details for compliance and policies that can be easily configured using wizards and templates. Organizations can use PIM to quickly define recertification policies based on frequently used scenarios such as requiring a particular user’s manager to approve access to certain databases at certain times of the year.
Automate administrative processes.
And companies can simplify the administrative impact of manager approvals via bulk recertification of a user’s roles, accounts and groups.
Other key features of PIM include broad support for managing user access rights and passwords on applications and systems; flexible reporting for user access rights leveraging automatic synchronization of user data from different repositories; a role hierarchy that streamlines administration, provides visibility of user access, and helps bridge the gap between how business users view their IT resources and the actual IT implementation of user access rights; and a provisioning engine that adds and removes user access rights based on business roles or requests for user accounts and fine-grained entitlements such as shared folders or Web portlets.
The solution has an embedded workflow engine for automated submission and approval of user requests and periodic certification of user access rights. A group management capability helps simplify processes and reduce the cost of user administration by providing the ability to add, remove or change the attributes of a group within the PIM console.
Companies can use the system to create audit trails with detailed reports on consolidated workflows and access rights changes. Policy compliance monitoring and reporting includes audit trail collection, correlation and reporting to address compliance requirements.
Simplify security with a password management system.
In addition to identity management, password management is a critical element of an effective security strategy, and this is a key capability of PIM.
Companies need to be able to add or delete access rights quickly and easily, and to change passwords frequently as a security precaution. Password management has become more complex with the growing use of cloud computing services, and the number of unique passwords needed for each server can rise dramatically. A large enterprise might have to manage tens of thousands of passwords, and bear the costs of creating, deleting and changing passwords.
Customizable Web self-care interfaces with PIM allow users to perform tasks such as password changes and requests for new access rights, which can cut down on costly calls to the help desk. For instance, a self-service challenge/response system enables users to address the problem of forgotten passwords without calling the help desk.
The solution can help improve access control by enforcing policy-based password controls, such as hard-to-guess passwords and frequent password changes.
Protect privileged IDs from threats.
Another IBM offering, Security Privileged Identity Manager (PIM), also provides password management capabilities. The product supports single sign-on access with strong authentication that hides current passwords from end users, providing an additional level of protection.
The automated password management feature enables organizations to automate the check out of IDs, hide passwords from the requesting employee, and require password resets after use and upon check-in to eliminate password theft and reuse.
The system also provides centrally managed identities of privileged users to mitigate insider threats. With this product, companies can simplify privileged identity management functions with an intuitive user interface; request and approve privileged access to reduce risk and improve compliance; and help reduce total cost of ownership (TCO) with a virtual appliance deployment option and new administrative tools.
Because many organizations have a set of privileged users with extensive access to sensitive information resources, ensuring the identity of those users is essential to avoiding risk of security breaches and compliance issues.
Misuse of privileged IDs can lead to significant damage, simply because these IDs have access to so much vital information. For example, privileged users might have access to sensitive customer information, intellectual property, trade secrets and other employees’ passwords.
Research has shown that insider threats are among the most significant for companies. For example, a survey of 265 C-level executives conducted by Ponemon Institute and IBM in 2012 showed that 43% of respondents cited negligent insiders as a source of greatest risk to sensitive data. Negligent insiders were at the top of the list of risks, ahead of lost or stolen devices, insecure third parties, Internet/social media and Web-based attacks.
PIM is designed to address the threats by providing a solution for securing, automating and tracking the use of privileged IDs. Through centralized management of privileged identities, the system enables companies to track and audit the activities of privileged users while decreasing the number of privileged IDs needed, enhancing overall security.
Safeguard IT resources from internal and external risks.
Solutions such as these from IBM can help protect information resources, applications and systems at a time when major security breaches are all too common. They are designed to help organizations make sure users are who they claim to be before granting access to critical business data. And they can help enterprises better manage the passwords that allow individuals to gain access to a variety of IT platforms and applications.
Much is at stake in safeguarding IT resources. Data loss or theft can result in monetary losses, costly fixes, regulatory fines, and damage to brand and reputation. Unfortunately, the threat vectors are increasing, as is the sophistication of attacks.
By deploying effective security solutions and keeping security policies and procedures up to date, organizations can better defend themselves against the latest threats — from both inside and outside the organization.
Bob Violino is a freelance writer sharing news about technology, science and other areas of interest. Follow him on Twitter @BobViolino.