Too Much Data; Too Much Access?
In a world in which a constant stream of data is accessible by different feeds and mediums, is there ever a time when too much access is actually a bad thing? Well, yeah. While securing end-user access should be first and foremost, limiting what they have access to is another security precaution often overlooked.
A meager 20 percent of IT professionals report fully enforcing a strict least privilege model, while another 34 percent say it’s not enforced at all, as the Ponemon Institute found in their recent report, Corporate Data: A Protected Asset or a Ticking Time Bomb? The principle of least privilege means limiting user access to the lowest level of rights that they can have and still do their jobs.
Controlling Privileged Accounts
The same goes for administrators, who often have unfettered access not only to troves of sensitive data, but also to the ability to change security settings in ways that could negatively impact an organization. Those privileged accounts give them elevated access not only to your company’s most critical data, but also to its networks, systems, applications and transactions.
As many compliance regulations require, separating the roles, responsibilities and privileges of the different types of administrators within an organization is necessary to avoid mistakes or abuses of privilege.
But as a Courion survey reports, 43 percent admit that their organization isn’t even aware of when access privileges are increased, or when access behavior changes.
When vetting a security solution, it’s important to choose a solution based not only on effectiveness, but also the type of administrative control granted to the owner of the tool. Read more about Duo Security’s administrative controls in Introducing Role-Based Access Controls for Duo Administrators.
Part of the problem is the sheer growth of emails, presentations, multimedia and other company data that makes it difficult for employees to find and access data, as 73 percent of employees reported to Ponemon, and 62 percent of IT professionals agree. Establishing an organized data structure and training both employees and admins to follow the structure might at least help them find what they need, and limit the need to have access to everything.
Increasing Access Security
Of course, on the other side of things, access security is still paramount when it comes to protecting company data. As the Courion survey found, 97 percent of IT professionals report that misused or stolen access credentials provide the network entry point for intruders. Another 42 percent don’t feel confident that their organization would be able to even detect when access credentials are misused or stolen.
Those statistics make a case for additional access security tools that can stop intruders from getting full access to corporate networks using only access credentials. By adding a second factor, administrators and users can protect their logins from remote intruders by requiring the use of a personal device.
Whether that’s a smartphone or a token, two-factor authentication can help solve the problem of too much access and the exploitation of credentials. Find out more about two-factor in our Two-Factor Evaluation Guide, or sign up and try it yourself.