Identity and access management
Access control is often discussed as part of identity and access management (IAM). This is a market that has grown during the past few years thanks to more and more organizations wanting to satisfy compliance requirements. Better access control is needed- not just for compliance, but also to address vulnerabilities and safeguard against malicious acts. For example- on January 24, 2008, a rogue trader at Société Générale in France placed $7.2 billion in fraudulent trades. He had built up positions worth more than $73 billion—more than the bank’s estimated market value of $50 billion. How could such massive fraud occur at the second-largest bank in France? “Very clearly, some internal control procedures didn’t work,” said Christine Lagarde, France’s Finance Minister, after the investigation. A couple of more examples: More than $12 was million lost when an administrator planted logic bombs that destroyed critical programs at Omega Engineering. $2.5 million of intellectual property was lost when an administrative assistant at “Steven E. Hutchins Architects” deleted seven years’ worth of architectural drawings. She used her own credentials to access the server where the drawings were stored.
Every company has to identify all the sensitive data in the organization and regularly audit access to it. Without that, there is no way to know just how much the company has already lost to insider attacks or how much will potentially be lost.The 2007 E-Crime Watch Survey reports that “unauthorized access to/use of corporate information, systems or networks was the most common insider crime. In several cases, having a role distribution policy in place would have prevented the malicious acts. Consider the access to the network and to user accounts, where junior-level administrators have access to the network and to user accounts, so they can reset passwords, restart servers, and perform other administrative tasks. Or the superuser accounts that can bypass system controls to access or destroy sensitive information. Or the unauthorized access to an application using a stolen password to a privileged account.
Having solid procedures in place can prevent events that can have disastruous consequences. “It is important that organizations are proactive in their approach to mitigating insider threats,” says Dawn Cappelli, Senior Member of the Technical Staff at CERT. CionSystems’ Active Directory management suite can help. Real-time notifications, in-depth reporting, granular password management tools and role-based delegation will help control insider access and mitigate risk.