Dear Board of Directors, It’s Time to Do the Right Thing and Elevate IAM

May 17, 2018

I talk with IT executives regularly and have noticed a concerning trend across industries. While the threat of a data breach looms large on the horizon, IT leaders consistently appear to address the threat with a "wall-building" focus. Certainly, protecting resources from unlawful entry is necessary and valuable, but what about the threat from within? According to the Verizon Data Breach Incident Report, 81% of hacking-related breaches leveraged stolen and/or weak passwords. Yet far too many IT leaders ignore the identity problem in favor of building a better "wall." It is time to focus on identity and access management (IAM).

Right away, some of you bristled at the mention of IAM, and I don't blame you. According to the Ponemon Institute, 74% of organizations believe implementing IAM is too difficult. It feels safer to keep investing in traditional perimeter mitigation strategies than to address what could be a significant investment of time and resources for your organization. But, as my good friend Clark Griswold from National Lampoon’s Vacation found, plugging the Hoover Dam with bubble gum isn't a sound prevention strategy.

The reality today is that your organization has been breached. You may or may not know it yet, but make no mistake, those who wish harm to your organization have found ways inside. It may take the form of malware, phishing attacks, denial-of-service attacks or accidental web exposure. Even more alarming is the insider theft threat. The SailPoint Market Pulse Survey (2016) found that one in five employees would sell their work password! Well-managed identity solutions don't remove these realities, but they do mitigate the exposure and offer a way to move forward with confidence.

So, how do you shift a traditional "wall"-focused organization toward making a well-managed identity program its primary objective in 2018? Here are three things every IT leader should be discussing with their executives and board right now:

  1. Assume your organization has been breached and attackers still have access
  2. Adopt a zero-trust model
  3. Ensure identities that would allow lateral movement within the organization, including OEM accounts, aged accounts, and privileged accounts, are secured with stronger controls

Ironically, nearly all organizations that weather a data breach allocate valuable dollars and resources to tightening up their identity processes and tools. The better approach is to make the time and investments now, before your customer data, competitive advantage or confidential information is lost. Stay away from the latest shiny object and get back to the basics: access control, user lifecycle and access governance should be your highest priority.

Teddy Roosevelt once said, "In any situation, the best thing you can do is the right thing; the next best thing you can do is the wrong thing; the worst thing you can do is nothing."


By: Mitch Powers

Senior Security Consultant, Identity and Access Management
