Traditional security strategy sees organizations focusing outward on their perimeter – protecting their network and data (in transit or otherwise). What’s missing is turning attention towards one of an organization’s weakest links – its users.
And we are not just talking about disgruntled, recently let go users who attempt to steal data post-firing. All of your users, malicious or not, pose potential threats to your organization’s security.
Your users are not security experts – nor do you necessarily expect them to be – and while they understand they have passwords, those passwords need to be complicated and must be changed periodically, and as such users aren’t always diligent about managing their work identities (Passwords on Post-Its, anyone?).
External employees, meaning contractors or vendors, pose an obvious threat being relative outsiders, potentially being granted access into your internal systems.
Adding to the potential security risks, your internal users are likely costing you money you don’t have to be spending. Help desk calls related to passwords, password resets, etc. can make up to 30% of your call volume. These types of help desk tickets calls can cost an average of $60 a ticket – if these calls are happening once a day, that’s $20,000 spent in a year on something that could be easily mitigated.
As you can see, it’s essential to manage and protect the warm bodies attached to the identities that are deeply involved with the data and networks you are also trying to secure.
Managing and securing identities requires a bit of time commitment, especially if you’re a large organization. Start by identifying your top 5 applications, identify critical user groups within those applications and work from there.
Auditing your users is a manual process. Using Info-Tech’s Identity Security Services Plan, we give you the tools to streamline your audit process by focusing on your critical applications and systems. With that re-executable process, you can then work through the rest of your applications and system. Following that, using the IAM Controls Analysis Tool – we help you identify the key controls your organization needs to pursue to strengthen their identity management tactics.
For your identity management resources, refer to Info-Tech’s Build an Identity Security Services Plan Blueprint.