Most parents cheerfully mark the key milestones in their child’s path to adulthood: first step,first word, first school, first sleepover, first broken bone, and so on. But for many parents, no milestone causes as much anxiety as “first-time driver,” which is bestowed on all USA-based teenagers upon their16th birthday.
While surviving the experience of having our child become a driver may seem far removed from the world of access governance and entitlement certification, I found some parallels between managing a teenaged driver and managing the access rights and IT privileges of the end users in your organization. You can read more about it in my latest report, “Wake-Up Call: Poorly Managed Access Rights Are A Breach Waiting To Happen,” but here is a quick preview.
A common problem facing parents of teenaged drivers and IT organizations is that they have properly authorized users but often lack visibility into actual usage of those access rights. In the case of the teenaged drivers, parents often seek data around vehicle usage (Where did it go? At what time and at what speed?). For IT security professionals, organizations can no longer rely purely on static lists of authorized users and their access rights. So, just the way parents can impose mileage restrictions (reading the odometer to limit the distance a car can go in a given night) or fuel restrictions, an IT security team cansupplement access governance processes with additional usage data such as:
1. Has the employee accessed the application/system during the last certification period?
2. How often did the employee use the given entitlement?
This winter in Boston has been a record breaker. Bostonians are tired of the weather, while non-Bostonians are tired of hearing Bostonians complain about the weather. However, this never-ending winter provides a useful analogy for assessing your organization’s identity and access management (IAM) processes.
My analogy is based on two words that strike fear into many Boston-area homeowners: ice dams. Ice dams are ice structures that form on roofs, following heavy snowfall, that can cause leaks.
Ice dams often dissipate naturally, but record snowfalls and persistent cold temps have exacerbated ice dams this winter.
Just as ice dams can cause leaks, “identity dams” can cause data leaks and other internal problems. Identity dams may result from reorganizations or may just be existing business processes, but they should be removed.
The challenge is overcoming complacency. Just as many homeowners hope ice dams will dissipate naturally, organizations delude themselves with “This is how we’ve always done it,” and conclude that therefore removing identity dams is not necessary. For complacent organizations, the worst case is having users become accustomed to complicated manual processes for requesting access to new applications, waiting weeks to get access to new applications, and having multiple passwords.
Organizations and homeowners should follow these three steps to minimize the potential damage caused by ice dams and identity dams:
Come again? You mean to tell me that Eve Maler, one of Forrester's experts on emerging identity and security solutions, has never changed her Amazon password? Yep. She aptly points out that "Amazon has no password rules." While passwords aren't dead, she says, firms that rely only on passwords for identity management are vulnerable to serious breaches. Most firms have "terrible hygiene" when it comes to identity management.
In this episode of TechnoPolitics, Eve Maler discuss how firms like Amazon and Paypal use a "constellation" of risk-based authentication techniques and technologies to protect customers' identity. The courage to make tough calls — that's Eve.
Podcast Listening Options — The Future Of Identity Management