The looming threat of redundancies resulting from the recession has highlighted a surge of high-profile internal data thefts. Both in the UK and overseas, the media has regularly reported instances of inappropriate access to sensitive company data. For example, in the US, at the California Water Services Company, an auditor resigned, but illegally accessed computer systems to steal more than $9 million before leaving. These cases, whilst ethically unjust, also highlight data protection concerns. If organisations do not have visibility over who is accessing confidential data, they risk losing not only their critical data, but also their reputations and, as a result, their customers.

Unfortunately, this is just one saga in an ever-growing litany of tales of breaches that we’ve been hearing about.

Symantec’s research with the Ponemon Institute has in fact suggested that 59 percent of ex-employees have admitted to stealing confidential company information, such as customer contact lists. This outstandingly high number encourages us to consider how such thefts can be prevented moving forward. Did all of these employees really need access to such valuable data? If not, senior executives should be addressing their access management policies, and ensuring that they have visibility over what data is being accessed, by whom, and why. Without this control, businesses leave themselves at risk from existing staff, staff who may be made redundant soon, or those who have previously been part of the organisation. In order to protect themselves, organisations can use basic security access tools such as the coupling of Strong Authentication and Single Sign-On (SSO), which authenticates and then tracks each user’s access. This will allow managers to have visibility over access across their organisation, preventing inappropriate access from occurring.

Astonishingly however, it is not uncommon for an employee to continue to have access to business applications even after the employment has been terminated. Many organisations simply neglect to close down access, and consequently user identities are left open and vulnerable for an unjustifiably long period of time. As organisations are looking to host more and more of their applications through web-based systems, they may not even know that the employee may still have access rights to some applications. All this time, the ex-employee will be able to access sensitive and competitively valuable information. This unnecessary risk exposes businesses to tangible damage, which can be easily avoided by the speedy deactivation of the user’s access.

In order to avoid such mistakes, businesses should ensure full visibility over access records, employee access rights, and accounts that need to be removed. Deactivating orphaned account access is a critical first step towards comprehensive enterprise security. It is crucial that businesses can track which employees have access to specific systems and, when employees leave, that they are able to quickly deactivate access. Without this fundamental level of access management, businesses are unable to maintain basic control over their most valuable business asset: their company’s data.

Whilst locking down accounts is a critical step to take following any termination of contract, it is equally important to efficiently manage access during employment. When setting access levels for existing employees, it is crucial to allow users access to the information required to perform their job function, but at the least level of access possible. By fully tracking these privilege levels with tools such as SSO, senior executives can take steps to ensure access issues are not overlooked, and control over who may be accessing what and when is maintained.

Setting basic access control is simple. It is advisable to start by getting a handle on which users need access to what information. By first analysing what access users require to do their jobs, reasonable boundaries can be defined for access outside those defined roles.

Enforcing these access rights is not as complex as it may sound. Technology such as Single Sign-On makes it quick and easy to enroll users and assign access rights, whilst using strong authentication such as biometrics can ensure that the right person is accessing the data they are authorised to see, thereby protecting sensitive data. In today’s market, keeping this information is more important than ever, not only for compliance and peace of mind, but also to protect the two key “R’s”: Revenue and Reputation.
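The visibility over orphaned accounts that the article calls for can be obtained by reconciling the HR leaver list against each application's account export. The following is an added example, not part of the original article; the record layout, field names and sample data are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data: HR leaver records and per-application account
# inventories, such as an export from an SSO or directory audit log.
LEAVERS = {"asmith": "2009-03-02", "bjones": "2009-04-17"}  # user -> termination date
ACCOUNTS = [
    {"app": "crm",     "user": "asmith", "enabled": True,  "last_login": "2009-03-20"},
    {"app": "payroll", "user": "asmith", "enabled": False, "last_login": "2009-02-27"},
    {"app": "webmail", "user": "bjones", "enabled": True,  "last_login": "2009-04-10"},
    {"app": "crm",     "user": "cdavis", "enabled": True,  "last_login": "2009-04-20"},
    {"app": "wiki",    "user": "asmith", "enabled": True,  "last_login": None},
]

def _day(text):
    return datetime.strptime(text, "%Y-%m-%d").date()

def find_orphaned_accounts(leavers, accounts, today):
    """Flag leaver accounts that are still enabled or were used after termination."""
    now = _day(today)
    findings = []
    for acct in accounts:
        term = leavers.get(acct["user"])
        if term is None or _day(term) > now:
            continue  # current employee, or leaving date still in the future
        term_day = _day(term)
        last = _day(acct["last_login"]) if acct["last_login"] else None
        used_after = last is not None and last > term_day
        if not acct["enabled"] and not used_after:
            continue  # closed down and never used after the leaving date
        findings.append({
            "app": acct["app"],
            "user": acct["user"],
            # Days the account has stayed open since the user left.
            "days_exposed": (now - term_day).days if acct["enabled"] else 0,
            "used_after_termination": used_after,
            "severity": "high" if used_after else "medium",
        })
    # Post-termination use first, then the longest-open accounts.
    return sorted(findings, key=lambda f: (f["severity"] != "high", -f["days_exposed"]))

if __name__ == "__main__":
    for finding in find_orphaned_accounts(LEAVERS, ACCOUNTS, "2009-04-30"):
        print(finding)
```

Accounts with no recorded login are still reported while enabled, which covers web-hosted applications where access was granted but usage is not logged centrally.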