Traditional 1.0 IGA solutions are strongly focused on provisioning (access request, access approval, etc.). While there is no doubt that provisioning is an important matter, it takes a lot of time and quite some budget to get it up and running properly. And it’s only when the provisioning side of things is nearly completed that traditional IGA solutions finally start paying some attention to governance. And that’s quite an issue, as in recent years governance has become much more important than before…
There is no doubt that it’s vital to take care of unused accounts and to ensure that all accounts are properly governed and monitored. If not, compliance (and company) requirements won’t be met, the organization might pay unnecessary costs for software and the risk of data breaches will lurk under the surface…
People change jobs all the time. This entails quite some extra work – mainly administrative tasks – on the employer’s side. One of those tasks is to delete all passwords and close all accounts the former employee was using. This seems like a logical and important step and yet it is often overlooked. This leads to the existence of so-called ‘orphan accounts’, which could be hazardous for your company…
Even though most companies are well aware of inside cybersecurity threats, they are often reluctant to dedicate the necessary resources and/or executive attention to solve the matter. Furthermore, many companies feel embarrassed about insider threats…
Several of these data breaches are caused by a malicious employee (through theft or sabotage), others are due to employees being negligent. Let’s take a look at what happened with Equifax, The Home Depot, Snapchat, Sony, Sage, Korea Credit Bureau and Chicago Public Schools…
As PAM stands for ‘Privileged Access Management’, it makes sense to assume this addresses all privileged accounts in an organization. However, PAM doesn’t do that. In fact, PAM only addresses administrator accounts, a limited part of the total number of privileged accounts in an organization.
When you are confronted with a data breach, you’ll want to close the leak first, which results in IT-related costs. You also have to communicate quite intensively with several stakeholders during the entire process. On top of that, your organization might also have to pay regulatory fines (SOx, GDPR, NIS, …) and legal costs. And last but not least, long-tail costs, caused by the loss of customers and by a damaged reputation and goodwill, make the total cost even higher.
The cases we collected here – Google, Tesla, Desjardins, Anthem, Coca-Cola, Scorpene Submarines and Target – show that even though they are all about data breaches caused by insiders, the actual circumstances – as well as the consequences – can differ significantly…