Halloween is my favorite holiday. I love everything about it - pumpkin picking, trick-or-treating and haunted houses that spook and fright.
If you’re a CISO, it’s not goblins and ghouls that put the fright in you. Rather, it is the rise of security threats and data breaches that keep you up at night. It is no laughing matter. While Halloween comes around just once a year, a data breach can happen to anyone, at any time and threaten any device. Just this month, Facebook notified users of a massive data breach that occurred on September 25, 2018, affecting more than 50 million people. Facebook does not know exactly what kind of information was compromised, but they do know the hack affected users who use Facebook to log into other accounts. Personally, I think that is probably almost every Facebook user, since Facebook is the world’s largest Identity Provider.
There is good news this Halloween. By leveraging the latest generation of ideas, technologies and toolsets in Identity & Access Management (IAM), you can ensure that access to your organization’s data assets are granted only to the right users in the right context by wrapping access decision policies, that you define, around your ever-fresh identity and access-control data. Event-based certification and periodic attestation will help you ensure that access is removed in a timely fashion, once it’s no longer needed. Since IAM advocates the automation of processes to determine when, what and to whom information is provided, you might just have free time for some old fashion trick-or-treating, now that the data owner has effective control over every single access decision, twenty-four hours a day. Let effective IAM controls safely manage how your employees, customers, vendors and consultants get access to data with access decision via the web, APIs and applications.
If you grew up in the eighties like me, then you remember Michael from the classic 1978 movie Halloween. Michael is a masked killer that relentlessly hunts his prey; usually poor, unsuspecting victims. Why did Michael have so many victims? BECAUSE…they were unprepared, unarmed and unsuspecting. Don’t let your data assets be similar victims to today’s relentless threats.
StaySafeOnline.Org reports that 86% of Americans avoid companies that don’t protect their privacy. The cost of a breach kills the reputation of your business and your brand, and steep regulatory penalties hurt your bottom line. When the “Cyber” Michael knocks on your infrastructure’s door multiple times a day, you can be well prepared by using effective governance principles, supported by a clean data architecture and effective processes and tools for managing access.
If Michael comes to my house this Halloween, I will feel safer knowing that I have secured a new identity perimeter that safeguards me, my house, and access to it. Advanced risk analysis and technologies can tell me if the person at the door visits frequently or has never been here. If they’ve never been here, they’re going to have to work harder to demonstrate that they belong here.
The same holds true with your data. With all the digital and security products trying to win your business, it’s important to understand the risk of doing nothing, so that you can protect your organization’s data by implementing an identity and access management solution that enables centralized management of users in a consistent and scalable way across the enterprise.
This Halloween, protect yourself and your organization by investing in NextGen IAM solutions. Don’t be the next victim.
by Sheila M. Petaccio, Client Partner-Healthcare and Eric Anderson, IAM expert