FIVE WAYS TO DEAL WITH THE SECURITY RISKS
To truly defend businesses from threats, a variety of approaches can be adopted:
1. ENFORCE ‘LEAST PRIVILEGE’ AS THE STANDARD
Instead of giving users all-or-nothing access, privilege must be granted based on specific user needs and scenarios. A solution needs to allow for different levels of individual access, with a broad scope for what that means. You should be able to control access based on, for example, function, team, vendor, location, time of day, and more.
2. CONSIDER THE USER EXPERIENCE
Security solutions need to be usable. Access to systems should be granted in seconds, while still providing all of the checks and balances to mitigate threats. Security teams can’t slow things down in the name of security: doing so puts productivity at risk, and insiders will find riskier workarounds. Give people something that’s easy to use, and that fits (or even improves) how they do their day-to-day jobs. This approach requires security and IT professionals to involve end-users in the early stages of designing new policies or selecting new technology.
3. IMPLEMENT SEAMLESS WORKFLOW PROCESSES
Companies don’t have large teams to manage access rights for the growing number of privileged insiders and vendors. Solutions to grant and revoke privileged credentials and permissions need to be easy to administer and use, and they need to integrate seamlessly with existing environments.
4. MONITOR, RECORD AND ANALYZE BEHAVIOR
As the environment becomes more complex, technology can help you comply with regulations requiring that all activity and behavior be monitored. You should be able to identify every individual who accesses sensitive systems and what they are doing, as well as sound the alarm if they are doing anything malicious. All of this information needs to be recorded so there is a clear audit trail.
5. REVIEW POLICIES AND TRAIN PEOPLE REGULARLY
Technology can help make security easier, but it is just one aspect of the entire solution. People and processes must support this too. Review your security policies often, and make sure new and existing employees are trained on them on a regular basis. Each employee or contractor needs to understand how their day-to-day actions can help protect the business from threats. Be sure to maintain the security knowledge of your employees by implementing a security awareness program supported by e-learning and the Security Awareness App.
Parts of this blog are based upon a report published by Bomgar.