The challenges facing financial organisations are not getting any easier, particularly when it comes to security. The innovation and pace of technology, along with changing industry demands and regulations, all contribute to the challenge of keeping banks secure.
With data spread across multiple environments and the ‘always on’ work ethic demanding constant multichannel access to information, the need to protect data, while remaining compliant, is more pertinent than ever before.
The universe of user identities and access points is increasing exponentially. Today’s banks need to manage access to sensitive data across multiple devices, users, on-premise and cloud applications. This creates billions of identity and access relationships between the organisation and its stakeholders, third party suppliers, remote workers, customers and so on.
Today’s employees expect immediate access to data and applications, yet are blithely unaware of the risks involved with supporting this type of access across a financial organisation. This is a classic challenge in supporting today’s identity universe – a challenge that recently made the media headlines when a South Korean bank employee with access to various databases secretly copied sensitive data on more than 20 million credit card holders onto an external drive. To be able to better understand these security vulnerabilities, we need to look at the issue of Big Identity Data.
Big Identity Data is the information produced by the constant activity of identity and access management: bringing on new users or terminating others (joiners, movers, leavers), activating new devices, launching new applications, granting access rights, and changing user roles. And in every enterprise, this “identity universe” is rapidly expanding with the growth of:
- Users needing easy access to business information and systems;
- Rights to those resources, given users’ job functions and levels;
- Targets, i.e., applications, data stores and other resources users need to get their jobs done;
- Policies regulating what users are and are not allowed to do; and
- Platforms, including in-house networks, the cloud, mobile devices and SaaS.
With this huge volume of “Big Identity Data”, uncovering risk typically requires a lengthy review of multiple systems and terabytes of data, which generally doesn’t happen. The silver lining, however, is that with powerful analytics, Big Identity Data can become part of the solution.
Big Identity Data actually presents a significant opportunity to help financial organisations to provision smarter, streamline audits, and identify and eliminate emerging threats to sensitive information before they can harm the company.
In recent years, Identity and Access Management (IAM) solutions have made great advances in helping banks to increase the efficiency of user account provisioning and more effectively manage IT audits.
However, IT and security professionals have been struggling to keep up with incessant business demands arising from increasing reliance on technology, while ensuring they remain compliant with regulatory requirements and that valuable information is protected.
For example, they are under constant pressure to not only provide access provisions, but to remember to shut down accounts of workers who have left organisations and avoid giving out too many access rights.
Technology is necessary to take control of these processes and identify potential vulnerabilities in data access. The secret is intelligent identity and access management (IAM), which continuously monitors identities, access rights, policies and user activities to identify and remediate vulnerabilities quickly.
The intelligent IAM approach displays these potential threats in visually intuitive heat maps. It can also identify patterns of behaviour that are a variance from the norm. Then the threats can be acted on, not only to resolve immediate threats, but also to improve ongoing provisioning and compliance, preventing similar risks from arising in the future.
By aggregating billions of data points and looking at patterns, intelligent IAM can flag unusual activity, orphan accounts, excessive access risks, and excessive rights to sensitive information stores. It can see what human eyes could never discover.
Financial organisations need to ask themselves how they must adapt to the vast amounts of information available to them and what steps can be taken to manage and mine the expanding universe of users, access and identities.