IAM: how analytics is changing everything
12 April 2019
idax uses entitlement information to generate insights into who has access to either data or systems they should not have.
By 2020, data theft is set to be a $2trillion industry, with 75 per cent of employees saying they currently have access to data and systems they shouldn’t, and 25 per cent would sell company data for less than $8,000. Against this emerging cyber-crime threat most companies are still relying on the tried-and-tested approach of periodic manager reviews, and best endeavours for the joiner-mover-leaver process the rest of the time.
But everyone from audit firms to regulators to risk professionals are admitting that this approach is fundamentally broken. So what replaces it? Some forward-thinking companies are looking to analytics, not only to detect bad behaviour inside and outside a company, but to prevent the opportunity for insider threat by reinforcing existing processes and changing attitudes to access management. idax adds real business value with the following guidance:
- How to analyse your entitlement data quickly and effectively
- What managers need to do better reviews
- How moving department is a clean-up opportunity
- What IAM can learn from the retail industry
- Why a quick preventative control delivers more benefits than a slow detective one
- How to justify spend on IAM analytics
- Why gamification and security go together
- How to harness a social media approach to reduce cyber-threats
When a data breach hits the headlines, most people picture a criminal operation involving a teenage hacker or state-sponsored conspiracy. But you know the real threat is much closer to home. Here are some respected watchdog observations:
- 40 per cent of data breaches are carried out by insiders and 90 per cent of tech crimes are committed by employees. Most breaches are simply about access and opportunity.
- 75 per cent of employees say they have access to data they shouldn’t. And 25 per cent of your employees would sell that data to a competitor for less than $8,000.
You know there are people in your organisation who have access to more information than they need to do their job. You know these people are the real danger, not criminals and not competitors. But how can you convince the business to sit up and take notice and remedial action? This is where idax delivers.
idax spots employees with access to data they shouldn’t have. Within minutes. And without knowing anything about your day-to-day business.
idax uses a proprietary algorithm to cross-reference organisational data with access permissions. It’s a fast and effective way to spot anomalies – such as an employee who has moved teams and so has significantly more entitlements than they should – and flag them as potential security threats.
At the click of a button, you can see who has access to data they shouldn’t – and remove that access.
It’s fast. It’s effective.
$2.1 trillion the total cost of lost data
$148 the cost of a single lost record
idax is a form of preventative control that eliminates risk right at the source. We don’t attempt to tell you why the anomaly has crept in, we simply flag the people who have the potential to cause problems. You take it from there.
idax lightens the load on managers who currently face with the thankless task of renewing sets of permissions. It gives those managers more context and intelligence with which to establish least privilege.
idax is easy to set up and quick to show results, integrating across your access and security platforms. You just plug it in and go.
Many businesses use the idax platform as an integral part of their ongoing information security strategy. Step one is an idax risk discovery session, a way of seeing the power of the platform – and of finding out what you need to deal with.
This isn’t about predicting criminal behaviour or attempting to understanding motives. An idax risk discovery session simply shows you the risks you’re facing so you can shut them down immediately.
You give access to the people who need it. You take access away from the people who don’t.
It’s a simple but radical new approach to identity and access management.
Go to www.idaxsoftware.com