How to Spot High Risk Accounts in Your Organization
The Danger of Stolen or Misused Credentials
According to the Verizon Data Breach Report, over 80% of breaches were due to stolen or misused credentials. Access credentials are more valuable than ever, which means that being able to locate high-risk accounts has become more important than ever. Do you know who has administrative privileges to your key applications, networks, servers, or even email programs? When you are working in a small company with only a handful of employees, this information can be easily tracked; manually mapping a handful of applications isn't difficult. However, it becomes much more difficult for businesses with more than 100 users, where manual recording becomes virtually impossible to manage.
The Larger the Organization, the Bigger the Challenge
There are hundreds of thousands of access relationships active in a normal network. At the enterprise level you can be looking at trillions of access relationships. Keeping up with who has the keys to what is more than improbable; it is impossible to control at any scale. Identity and Access Management (IAM) solutions typically incorporate user provisioning, password management, policy management, access governance, and identity repositories in an often complex design. While these solutions are extremely helpful in tracking your access relationships, you must add intelligence in order to spot your high-risk accounts.
Intelligent IAM (IIAM) encompasses all the administrative processes used in IAM, but the processes are influenced by real-time data. IAM solutions that use intelligence continuously collect, monitor, and analyze large volumes of identity and access-related information, combining data not only from provisioning and governance solutions but also from security products and other external systems. What does this real-time data mean in your real world? Here are a few examples of how using actionable intelligence can help you find your most at-risk accounts:
1. The ability to compare access roles and peer groups
While there are exceptions to every rule, let’s be honest, most roles in your organization have the same needs when it comes to access. That being said, when you are comparing the 20 people in the role of ‘accountant’ and you see that one account has markedly more privileged access, or access to more applications and programs, you can immediately investigate and/or shut down access from that account in order to protect the data available to that account.
2. Force micro-certifications for questionable activity
Speaking of questionable access, wouldn’t it be nice if your system automatically noticed when that one accountant asked for access to systems that they really had no business needing? With an intelligent IAM solution, you can force micro-certifications from a senior account when unusual access is requested.
3. Notifications and alerts to suspicious activity
I know, more alerts, but again, isn't it easier to be automatically alerted to suspicious activity when it happens rather than months later during your audit? Oftentimes, a bad actor will enter your system through a seemingly innocuous system or application, something that everyone has access to, so nothing seems out of the ordinary until they move throughout your system, gaining access rights as they go. With IIAM you will be alerted to this activity before it can escalate.
4. Where are your orphaned accounts?
Do you have summer interns in your company? What about consultants or contractors? When they finish their project or their internship runs out, do you have a reliable system for deprovisioning them? With a traditional IAM system, you should be able to see this. With intelligence, you can see where your orphaned accounts lie at any time and set up a reliable system for deprovisioning these critical accounts.
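The peer-group comparison from item 1 and the orphaned-account check from item 4 can be sketched in a few lines of Python. This is an added example, not code from the article or from any IAM product; the account names, roles, entitlement names, HR roster, and the 25% rarity threshold are all constructed assumptions.

```python
from collections import Counter, defaultdict

BASE = {"email", "erp_read", "ledger_post"}  # what a typical accountant holds here
# Constructed sample export: account -> owning identity, role, entitlements.
ACCOUNTS = {
    "alice": {"owner": "E100", "role": "accountant", "ents": set(BASE)},
    "bob": {"owner": "E101", "role": "accountant", "ents": set(BASE)},
    "carol": {"owner": "E102", "role": "accountant", "ents": set(BASE)},
    "dan": {"owner": "E103", "role": "accountant", "ents": set(BASE)},
    "erin": {"owner": "E104", "role": "accountant",
             "ents": BASE | {"payroll_db_write", "domain_admin"}},
    "intern7": {"owner": "E230", "role": "intern", "ents": {"email", "erp_read"}},
}
# Constructed HR roster of active identities; E230's internship has ended.
HR_ACTIVE = {"E100", "E101", "E102", "E103", "E104"}


def peer_outliers(accounts, rare_share=0.25, min_peers=4):
    """Map account -> entitlements held by at most rare_share of its role peers."""
    by_role = defaultdict(list)
    for name, acct in accounts.items():
        by_role[acct["role"]].append(name)
    flagged = {}
    for members in by_role.values():
        if len(members) < min_peers:
            continue  # too few peers to form a baseline; review these by hand
        held = Counter(e for m in members for e in accounts[m]["ents"])
        for m in members:
            rare = sorted(e for e in accounts[m]["ents"]
                          if held[e] / len(members) <= rare_share)
            if rare:
                flagged[m] = rare
    return flagged


def orphaned_accounts(accounts, hr_active):
    """Accounts whose owning identity is no longer on the active HR roster."""
    return sorted(n for n, a in accounts.items() if a["owner"] not in hr_active)


if __name__ == "__main__":
    for name, ents in peer_outliers(ACCOUNTS).items():
        print(f"review {name}: unusual for role -> {', '.join(ents)}")
    for name in orphaned_accounts(ACCOUNTS, HR_ACTIVE):
        print(f"deprovision candidate: {name}")
```

Roles with fewer than `min_peers` members are skipped rather than scored, since a one-person peer group would make every entitlement look either universal or rare.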