Internal employees continue to pose biggest risk in security breaches.
Latest Experian security forecast - Cost of breaches in the healthcare industry could reach $5.6 billion annually.
How will the next identity spill happen? The latest Experian data breach industry forecast points to your employees being the biggest threat. Stronger external authentication and tighter protocols continue to miss the mark. Employee negligence will continue to be the leading cause of security incidents in 2015.
Experian goes on to state that Healthcare breaches will continue to grow this year. With the huge challenge of securing such a significant amount of data, the problem becomes even more serious when organizations are faced with a shortage of internal expertise. With the majority of breaches originating from inside company walls, the report clearly indicates business leaders need to fight the root cause of data breaches rather than buy the latest security widgets.
What are some steps that you can take in your organization to prevent the next identity spill?
- Perform regular certification or attestation of application or role access.
- Implement automated provisioning and deprovisioning of identities
- Implement Role Based Access Control and Attribute Based Access Control
- Control access to applications via a central identity provider
- Provide Self-Service password reset
- Implement strong authentication, regardless of the application
Preforming regular certification/attestation of access – At any time you need to be able to snapshot the access granted to a resource by roles, locations and person accounts. Security assignments should be automated, but access should be certified and routed to an appropriate authorized person for review. This review should verify the access and certify if it is valid or not. A tool like EmpowerID makes certifications easy for the organization with scheduled certification and attestation policies that can be run and audited.
Implement automated provisioning/deprovisioning – Role based or attribute based access needs to be automatically and immediately provisioned or deprovisioned. When an employee’s role changes, the resultant set of access needs to be calculated instantly. Some application and resource access will be taken away and some will be granted. Absence of role based deprovisioning is a root cause of an employee having too much access. EmpowerID takes provisioning to the next level by allowing you to provision and deprovision based upon roles in the organization.
Implement RBAC & ABAC controls - You need an RBAC/ABAC engine to continuously evaluate how much access someone should or shouldn't have. EmpowerID uses a hybrid approach with RBAC and ABAC adding in rules and even Separation of Duties enforcement.
Control access to applications via a central identity provider - Having users log into apps with a separate username and password is a recipe for disaster. An IdP allows you to centrally validate someone’s identity and then assert that identity into applications wherever they are. The EmpowerID IdP allows employees to search for applications that are granted for their role, removes ones that are not granted and provides the SSO into the application.
Provide Self-Service password reset - Let's face it, this not only tightens up security, but saves a lot of money. EmpowerID provides full detailed audit trails of anything account related such as who changed the password, who approved it and more.
Implement strong authentication, regardless of the application - There are a lot of ways to get into your network. The VPN, the email server and SaaS applications are all exposed entries into the protected network. Do they all have the same authentication capabilities? You need an authentication service that supports all the protocols, not just those most used. EmpowerID can step up authentication at any level for any service. The VPN, the routers, the SaaS apps, SharePoint, it doesn't matter.
The bottom line is this, an ounce of prevention is better than a pound of cure. According to Experian the average cost per lost record is just under $200 dollars, with average total impact cost to your organization just under $4 million. Click through below and let us show you how easy it is to automate access and control privilege in your environment.