Identity and Access Management (IAM) can be a difficult area to master because of the complexity of its technologies and standards, and because of the many acronyms surrounding the topic. But the biggest challenge is how to manage unstructured corporate content as part of an IAM strategy.
Overcoming the acronyms and understanding the capabilities that different products actually provide matters because of the proliferation of data locations and the myriad ways data moves between them. Many providers now offer services to address this, and the market is expanding rapidly.
In the absence of clear and consistent terminology for what IAM covers for unstructured data, companies need to evaluate the vendors they are considering carefully to ensure that unstructured content is properly addressed. Add the layer of complexity introduced by organizational change, and CISOs face a rapidly moving target: uncertainty about where data is located, its value and sensitivity, and the need to control access and sharing. Application data is generally well documented, as are the protections to apply to it. Unstructured content, by contrast, is largely undocumented and uncontrolled.
By nature, unstructured data is hidden and scattered. This makes it particularly vulnerable: it escapes classification and administration, and legacy security solutions cannot flag it as sensitive. Yet many studies show that nearly 80% of enterprise data is unstructured today, and it is embedded in the most critical processes.
At the 2016 edition of RSA Conference, Ken Allan, Ernst & Young’s global director of information security, said: “All monitored data is likely to contain an identity. Even the most dangerous data, such as malware, contains a form of signature that links it to its creators.”
Attackers increasingly use compromised credentials to access enterprise data. Most malware runs with the same level of privileges as the victim's account, so administrative rights open the way to data theft.
Back to basics
Knowing where company data is, and controlling access to it through concise reporting and analysis, helps limit the scope of an attack and speeds up the investigation in the event of an incident. It also helps ensure regulatory compliance: multiple regulations now require companies to know where their data resides and to define what their sensitive data is. That starts with finding and categorizing this data within unstructured content. But as more applications, servers and devices are covered, the risk of problems grows exponentially.
Companies cannot simply set out to implement controls without knowing where their data is, what they need to classify, and which data requires a reasonable level of security. Organizations also need to find this data, determine who handles it, and find out how it moves. This requires a risk definition framework and automated tools.
This is where we should go back to the basics of unstructured data administration: inventory. Companies should know where their sensitive data resides, which systems and endpoints connect to it, and which protection controls are already in place.
Take advantage of IAM
With the addition of cloud services, and employees using personal devices or accessing company data remotely, simple usernames and passwords are no longer sufficient or secure, not to mention the risk of an inconsistent IAM deployment. Peripheral systems often contain the most critical data in the business, but are protected by significantly lighter controls.
Let’s not forget that many security incidents are not subject to disclosure, and some simply go unnoticed. This makes IAM all the more important, backed by a strong strategy for managing unstructured content.
Most critical business processes rely on unstructured content that typically contains sensitive data, such as intellectual property, financial data, and other data that should be protected against theft and inappropriate access.
“Many large companies in the financial services industry have formalized identity as a role by appointing an internal manager to define rules and processes, and to oversee identities and responsibilities, to maintain the link between identity and data,” explained Allan. For him, “it is important to remember that identity can be linked to many things. For example, autonomous cars can generate information and establish themselves as identities.”
Unstructured data management approaches
Business leaders are starting to become aware of how exposed and out of control unstructured content is. Organizations then face several challenges: mapping existing unstructured data repositories; finding data owners and mapping key user groups; classifying sensitive data; and defining and enforcing authorization rules on those repositories.
It is therefore recommended to take the following actions without delay: audit data access; map data owners, user groups and usage patterns; analyze the rights of users and groups on the data; formulate recommendations in response to business and regulatory policies; and support the review of user rights and authorization processes.
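The inventory, classification and rights-analysis steps above can be scripted. The following is an added example, not code from the article or from any vendor it mentions: it takes a constructed file inventory (path, owner, ACL and a content excerpt standing in for what a scanner would read from disk), classifies each file with illustrative regular expressions, expands ACL principals through a constructed group membership export, and reports which sensitive files are readable by an unusually large share of the user population. The share names, group names, classification rules and exposure threshold are all assumptions.

```python
"""Inventory, classify and map access to unstructured content (added example)."""
import re
from collections import defaultdict

# Constructed sample inventory: path, owner, ACL (principal -> permission) and a
# content excerpt. A real scanner would walk the share and read the files.
INVENTORY = [
    {"path": "//fs01/finance/q3_forecast.xlsx", "owner": "alice",
     "acl": {"Finance": "modify", "Domain Users": "read"},
     "content": "Q3 forecast, supplier IBAN FR7630006000011234567890189 pending"},
    {"path": "//fs01/hr/employees.csv", "owner": "carol",
     "acl": {"HR": "modify"},
     "content": "name,ssn\nJ. Doe,123-45-6789"},
    {"path": "//fs01/eng/design.md", "owner": "dave",
     "acl": {"Engineering": "modify", "Finance": "read"},
     "content": "CONFIDENTIAL - next-generation controller design"},
    {"path": "//fs01/public/cafeteria_menu.txt", "owner": "dave",
     "acl": {"Domain Users": "read"},
     "content": "Monday: soup. Tuesday: pasta."},
]

# Constructed group membership export (e.g. from the directory service).
GROUPS = {
    "Finance": {"alice", "bob"},
    "Domain Users": {"alice", "bob", "carol", "dave"},
    "HR": {"carol"},
    "Engineering": {"dave"},
}

# Classification rules: label -> pattern. Illustrative only; production rules
# would be far richer (dictionaries, validators, document fingerprints).
RULES = {
    "payment-data": re.compile(r"\bFR\d{2}(?:\s?\d{4}){5}\s?\d{3}\b"),  # French IBAN shape
    "personal-data": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),              # SSN-like identifier
    "confidential-marker": re.compile(r"\bCONFIDENTIAL\b", re.I),      # explicit marking
}

# Permissions that imply the ability to read the file.
READ_IMPLYING = {"read", "modify", "full"}


def classify(content):
    """Return the set of sensitivity labels whose pattern matches the content."""
    return {label for label, rx in RULES.items() if rx.search(content)}


def readers(acl, groups):
    """Expand ACL principals to the set of users who can read the file.

    A principal that is not a known group is treated as an individual user.
    """
    users = set()
    for principal, perm in acl.items():
        if perm in READ_IMPLYING:
            users |= groups.get(principal, {principal})
    return users


def build_report(inventory, groups, exposure_threshold=0.5):
    """List sensitive files with their owner, labels and readers, flagging the
    ones readable by at least `exposure_threshold` of all known users."""
    population = set().union(*groups.values())
    report = []
    for item in inventory:
        labels = classify(item["content"])
        if not labels:
            continue  # unclassified content is out of scope for this review
        who = readers(item["acl"], groups)
        report.append({
            "path": item["path"],
            "owner": item["owner"],
            "labels": sorted(labels),
            "readers": sorted(who),
            "overexposed": len(who) / len(population) >= exposure_threshold,
        })
    return report


def owner_map(report):
    """Map each data owner to the sensitive files they are accountable for."""
    owners = defaultdict(list)
    for entry in report:
        owners[entry["owner"]].append(entry["path"])
    return dict(owners)


if __name__ == "__main__":
    findings = build_report(INVENTORY, GROUPS)
    for f in findings:
        flag = "OVEREXPOSED" if f["overexposed"] else "ok"
        print(f"{flag:12} {f['path']} {f['labels']} readers={f['readers']}")
    print("owners:", owner_map(findings))
```

The exposure threshold is a coarse proxy for "too many people can read this"; a real review would also weigh the sensitivity label, whether the readers are in the owner's business unit, and whether access was actually exercised according to audit logs.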
Lock access and privileges
Once companies have identified, mapped and classified unstructured content, they need to review their IAM systems and policies. The last step is to lock down user privileges to the minimum necessary for their tasks, in order to protect the data against malware and other threats.
In an interview at the 2016 edition of RSA Conference, Adam Laub, senior vice president of product marketing at Stealthbits Technologies, pointed out the risk of leaving users with elevated privileges: “If I have administrative rights on the domain and I use those credentials to log on to a publicly accessible system, an attacker can, through a successful phishing attack, obtain those credentials and use them to take control of the domain controller. This can compromise the entire domain almost immediately.”
Companies must also observe behaviors and the way permissions are distributed: “As an attacker collects more and more credentials, we start to observe lateral movement. If you are able to collect authentication information, you can observe the behaviors and anomalies that identify this type of activity faster.”
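Collecting authentication events and looking for the fan-out pattern Laub mentions is a standard detection. The following is an added example, not code from the article or from Stealthbits: it parses a constructed, simplified authentication log (one event per line: timestamp, user, source host, destination host, result), raises an alert when one account successfully authenticates to more than a threshold of distinct hosts inside a sliding time window, and separately lists hosts an account has never been seen on before according to a constructed baseline. The log format, hostnames, window and threshold are assumptions.

```python
"""Lateral-movement style authentication detection (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log: "<ISO timestamp> <user> <src_host> <dst_host> <result>".
LOG = """\
2024-05-01T08:58:10 alice ws-alice fs01 success
2024-05-01T09:03:42 alice ws-alice erp01 success
2024-05-01T13:10:05 bob ws-bob fs01 success
2024-05-01T13:11:30 bob ws-bob hr01 failure
2024-05-01T13:11:48 bob ws-bob hr01 success
2024-05-01T13:12:02 bob ws-bob web01 success
2024-05-01T13:13:15 bob ws-bob dc01 success
2024-05-01T13:14:40 bob ws-bob erp01 success
2024-05-01T15:20:00 carol ws-carol hr01 success
"""

# Constructed baseline of hosts each account normally authenticates to, e.g.
# learned from the previous 30 days of logs.
BASELINE = {"alice": {"fs01", "erp01"}, "bob": {"fs01"}, "carol": {"hr01"}}


def parse(log_text):
    """Parse log lines into (timestamp, user, src, dst, result) tuples, time-ordered."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, src, dst, result = line.split()
        events.append((datetime.fromisoformat(ts), user, src, dst, result))
    return sorted(events)


def detect_fanout(events, window=timedelta(minutes=10), threshold=3):
    """Alert once per user when successful logons reach more than `threshold`
    distinct destination hosts within `window`."""
    recent = defaultdict(deque)  # user -> deque of (timestamp, dst) inside window
    alerts, alerted = [], set()
    for ts, user, _src, dst, result in events:
        if result != "success":
            continue  # failed attempts are tracked elsewhere (brute-force logic)
        q = recent[user]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop events that fell out of the window
        hosts = {h for _, h in q}
        if len(hosts) > threshold and user not in alerted:
            alerted.add(user)
            alerts.append({"user": user, "at": ts.isoformat(), "hosts": sorted(hosts)})
    return alerts


def new_hosts(events, baseline):
    """Return {user: sorted hosts} for successful logons to hosts outside the
    user's baseline; users with no deviation are omitted."""
    seen = defaultdict(set)
    for _ts, user, _src, dst, result in events:
        if result == "success" and dst not in baseline.get(user, set()):
            seen[user].add(dst)
    return {user: sorted(hosts) for user, hosts in seen.items()}


if __name__ == "__main__":
    evts = parse(LOG)
    for a in detect_fanout(evts):
        print(f"ALERT fan-out: {a['user']} reached {a['hosts']} by {a['at']}")
    for user, hosts in new_hosts(evts, BASELINE).items():
        print(f"NOTE new hosts for {user}: {hosts}")
```

Both checks are deliberately simple so the logic is visible: a production detection would key on the source host as well (a single workstation reaching many servers), weight privileged destinations such as domain controllers higher, and suppress known scanners and backup accounts.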
Of course, improving your security and risk management posture means digesting a lot of information. But businesses should start by developing a clear picture of their unstructured content, and of how identity management and appropriate access controls can protect that content.