“I think therefore I am.” – René Descartes
This isn’t just a pompous philosophical proposition of autonomy, instead it is a timely piece of advice for ensuring corporate cybersecurity. Descartes really was ahead of his time! Identity and access management (IAM) plays an important part in securing your IT infrastructure by mitigating risk from both external cyberattack, and internal threat. Any company that thinks seriously about protecting sensitive information about their employees or customers should implement adequate IAM.
That’s Privileged Information:
The basics of IAM can be defined simply through the word: privilege. Users should only have access to one account with a predetermined set of privileges. You wouldn’t give your dog walker access to your phonebook, so why give the sales team access to HR data? By providing specific privileges to individuals based on what they need to do their job, companies could significantly reduce the potential risk of data falling into the wrong hands.
Todd Peterson, IAM evangelist at One Identity, has outlined what he calls a “golden rule” of privileged IAM. IT security teams should provide the “least access and privileges” possible. “Even without embracing a full ‘zero-trust’ approach, you should restrict access only to a need to have basis. If you can, keep the data on your local network only. If possible, provide third-party access only through a secure connection such as a VPN.” By ensuring that users don’t have free reign to access sensitive data, you take the first steps to provide a secure environment for data protection.
“Your Password is too Weak”:
Once privileged access has been established, the next phase is to make sure that these accounts are secure ..
Support the originator by clicking the read the rest link below.
