Business IT

How to strengthen your data security strategy to prevent entitlement creep

By Terry Burgess on Feb 15, 2021 1:55PM
How to strengthen your data security strategy to prevent entitlement creep

Editor's Picks

IoT Explained: What is the Internet of Things in Australia (June 2022)

5 essential digital transformation ideas

Top 5 Benefits of Managed IT Services

Venom BlackBook Zero 15 Phantom

As many organisations shifted from on-premise work to hybrid or remote teams, it presented more challenges in being able to manage identities across various environments with multiple points of access.

Implementing strong security measures to protect valuable data such as professional digital identities, has never been more critical. The need to authenticate individuals tied to multiple applications and data creates a demand for faster, remote access for employees to remain productive.  However, it also opens the doors for risk and compromised accounts.

Effectively managing identity security is a crucial factor in preventing business-relevant data from being exposed. The most recent Office of the Australian Information Commissioner’s (OAIC) report on notifiable data breaches found that 45% of data breaches exposed identity information during the last  reporting period.  The human factor is also a common theme in data breaches, with the OAIC report stating that 38% of data breaches were caused by human error.

In order to mitigate the risk, IT and security teams must start asking the key question of, “Who has access to which data from where?” This is a good starting point for any good data protection strategy that ensures all valuable data is safeguarded from threat actors.

It’s easy to forget that as employees move from one department to another, they often keep their old permissions while gaining new ones. This creates an extended network of access points to potentially unauthorised individuals, enabling a hacker to have more points of entry as compared to targeting someone with fewer privileges.

Newsletter Signup

Get the latest business tech news, reviews and guides delivered to your inbox.

I have read and accept the privacy policy and terms and conditions and by submitting my email address I agree to receive the Business IT newsletter and receive special offers on behalf of Business IT, nextmedia and its valued partners. We will not share your details with third parties.

Granting initial entry via access management is only the “bouncer” of the business, keeping out who isn’t invited but, once entry is gained, the individual has free reign. The key is to focus on enablement and security, providing access to important technology and tools but being able to control permissions. It is crucial for management to know who within the workforce requires certain access, and then modify permissions if the role changes, or restrict - perhaps completely remove - access when not needed.

If done manually, identity management can be time-consuming and tedious, but with the introduction of Artificial Intelligence (AI) and Machine Learning (ML) into identity management systems, these technologies will do the work for you. By 2022, 7.5% of IT operations will be supported by AI or analytics-driven automation. With thousands, possibly millions of digital identities existing across an enterprise organisation, enforcing a least-privilege access model for each digital identity is critical to the overall health of a security program.

Decision-makers should look into the possibilities of autonomous systems that will grant and withdraw authorisations, warn responsible admin of inappropriate rights, and handle user requests. It’s about defining and managing the roles and access privilege of users.

By automating these processes, it frees up time and improves efficiency by streamlining processes, particularly across IT and HR who are primarily responsible for managing the user lifecycle. The use of an identity and access management system can cut the time-consuming manual processes of gathering user data, creating users and establishing roles, and manually managing the identities throughout their digital lifecycle within the company.

The latest OAIC report stated that breaches due to human error increased by 18% in the latter half of 2020.  Enabling AI and ML to automate identity management decisions can reduce the risk of security incidents and potential data breaches which result from simple mistakes. Furthermore, being able to enforce security without being dependent on manual recertification or validation ensures access rights are tailored to the specific user based on risk level.

A robust identity access management system, combined with other factors such as awareness training for employees and efficient security tools will form a solid foundation for a strong data protection strategy. The ability to control and monitor who enters and exits systems is vital in supporting and securing your organisation, while simultaneously exercising good privacy practices in order to maintain the trust of employees with their information.

Terry Burgess is VP of APAC at SailPoint

Copyright © BIT (Business IT). All rights reserved.
Tags:
data security guide security services
By Terry Burgess
Feb 15 2021
1:55PM
0 Comments

Related Articles

  • 5 essential digital transformation ideas
  • Ransomware: what SMBs needs to know
  • How Australian companies can overcome the cyberattack ‘tsunami’
  • How to use business SMS without it getting flagged as spam
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

5 essential digital transformation ideas

5 essential digital transformation ideas

IoT Explained: What is the Internet of Things in Australia (June 2022)

IoT Explained: What is the Internet of Things in Australia (June 2022)

Top 5 Benefits of Managed IT Services

Top 5 Benefits of Managed IT Services

How to manage payment risks and fraud in 2022

How to manage payment risks and fraud in 2022

Poll

What would you like to see more of on BiT?
News
Reviews
Features
How To's
Lollies
Photo Galleries
Videos
Opinion
View poll archive
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.