Even though IT security investments continue to grow, data breaches keep growing too. No matter how nimble IT security teams are, current approaches cannot keep up. How can the security industry get ahead of data breaches? Security teams need to be able to set baselines for normal activity, and to do that they must understand the identities of those who have access to sensitive data. Integrating identity into our security practices can help close the security intelligence gap.
The Challenges That Widen the Gap
As soon as the security industry makes advances in keeping data safe, attackers improve their skills and resources. Additionally, the infrastructure of business computing is changing rapidly due to cloud, mobility and now the Internet of Things.
In the face of these headwinds, security teams struggle to gather the intelligence needed to determine whether a system's, service's or person's activity is normal and safe, or suspicious and malicious.
Pick a user in your organization. Can your team tell whether that individual's last four logins were normal? The ability to answer this kind of question is security intelligence, and organizations of all kinds struggle with it.
Even more significantly, the lack of monitoring and management of privileged users, who have broad access rights to systems and data, is facilitating today's data breaches and compliance violations. This lack of monitoring also makes it hard to determine what happened once a privileged account has been compromised. All of these issues keep the intelligence gap nice and wide.
The decisive challenge is understanding who the users are, what is normal for them, what access they need and what is business-appropriate for them. To solve it, we need to make broader use of the information sources we already have to better inform existing security processes.
Closing the Gap
Organizations need to place more emphasis on identity in their security practices.
Identity is usually treated as a means of provisioning access to business tools, but security teams can also use it to judge whether an employee's access to a sensitive database is appropriate. And even if it is appropriate, is it normal? For instance, if an employee appears to be accessing sensitive data from a remote location on a mobile device instead of the usual way from the office, the security team can investigate whether the employee's credentials have been stolen, whether the employee is doing something malicious, or whether there is a valid business reason for the change.
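As an added example (not code from the original post), here is a minimal version of the check described above and in the "last four logins" question earlier, in Python: build a per-user baseline from login history, ask identity data whether each access is appropriate, and ask the baseline whether it is normal. The login records, the user name "alice", the network zones and device classes, and the entitlement table are all constructed for illustration; a real deployment would draw them from authentication logs and the identity governance system.

```python
from collections import Counter
from datetime import datetime

# Constructed sample data for one hypothetical user, "alice" (not real telemetry).
# Each login: (UTC timestamp, network zone, device class, resource accessed).
HISTORY = [
    ("2024-03-04T08:55:00", "office", "managed-laptop", "hr-db"),
    ("2024-03-05T09:02:00", "office", "managed-laptop", "hr-db"),
    ("2024-03-06T08:47:00", "office", "managed-laptop", "hr-db"),
    ("2024-03-07T09:10:00", "vpn", "managed-laptop", "hr-db"),
    ("2024-03-08T08:58:00", "office", "managed-laptop", "hr-db"),
    ("2024-03-11T09:05:00", "office", "managed-laptop", "hr-db"),
    ("2024-03-12T08:50:00", "office", "managed-laptop", "hr-db"),
    ("2024-03-13T09:00:00", "office", "managed-laptop", "hr-db"),
    ("2024-03-14T08:59:00", "vpn", "managed-laptop", "hr-db"),
    ("2024-03-15T09:03:00", "office", "managed-laptop", "hr-db"),
]

# The user's last four logins: two ordinary ones, the remote/mobile scenario from
# the text, and an entitled-but-never-used resource.
RECENT = [
    ("2024-03-18T09:01:00", "office", "managed-laptop", "hr-db"),
    ("2024-03-19T08:57:00", "office", "managed-laptop", "hr-db"),
    ("2024-03-19T23:40:00", "remote", "mobile", "hr-db"),
    ("2024-03-20T09:05:00", "office", "managed-laptop", "payroll-app"),
]

# What identity governance says alice MAY access (constructed entitlement data).
ENTITLEMENTS = {"alice": {"hr-db", "payroll-app"}}


def build_baseline(events, min_share=0.1):
    """Per-user baseline: the (zone, device) contexts, hours of day and resources
    this user normally uses. A context or hour only counts as normal when it makes
    up at least min_share of the history, so one odd login does not become baseline."""
    n = len(events)
    contexts = Counter((zone, device) for _, zone, device, _ in events)
    hours = Counter(datetime.fromisoformat(ts).hour for ts, *_ in events)
    return {
        "contexts": {c for c, k in contexts.items() if k / n >= min_share},
        "hours": {h for h, k in hours.items() if k / n >= min_share},
        "resources": {r for *_, r in events},
    }


def is_appropriate(user, resource, entitlements=ENTITLEMENTS):
    """'Appropriate' comes from identity data: is the user entitled to the resource
    at all? This is independent of whether the access looks normal."""
    return resource in entitlements.get(user, set())


def score_login(user, event, baseline):
    """Compare one login with the baseline and return why it deviates, if it does."""
    ts, zone, device, resource = event
    hour = datetime.fromisoformat(ts).hour
    reasons = []
    if (zone, device) not in baseline["contexts"]:
        reasons.append(f"unseen context {zone}/{device}")
    if hour not in baseline["hours"]:
        reasons.append(f"unusual hour {hour:02d}:00 UTC")
    if resource not in baseline["resources"]:
        reasons.append(f"first access to {resource}")
    return {
        "when": ts,
        "appropriate": is_appropriate(user, resource),
        "normal": not reasons,
        "reasons": reasons,
    }


def review_last_logins(user, history, recent):
    """Answer the question from the text: were this user's last logins normal?"""
    baseline = build_baseline(history)
    return [score_login(user, e, baseline) for e in recent]


if __name__ == "__main__":
    for r in review_last_logins("alice", HISTORY, RECENT):
        status = "normal" if r["normal"] else "REVIEW: " + "; ".join(r["reasons"])
        print(f'{r["when"]}  appropriate={r["appropriate"]}  {status}')
```

The two questions are deliberately separate: the third login is appropriate (alice is entitled to hr-db) yet abnormal (new context, late hour), which is exactly the case that warrants a call to the user or a step-up authentication rather than an automatic block; the fourth is both appropriate and entitled but is the first use of that resource, so it is worth a lower-priority look. Without an identity source to supply the entitlement table, only the "normal" half of the answer is available.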
As the shift from corporate-controlled IT to user-owned devices continues and more of an organization's technology moves into the cloud, IT is losing control of large parts of the infrastructure. But by integrating these new devices and systems with existing identity systems, and by understanding identity better, security teams can gain the intelligence they need to meet the demands of the ever-changing security landscape. This "identity-powered security" can close the intelligence gap.
If the shift towards identity-powered security doesn’t take place, security teams will continue to struggle to protect vulnerable data, understand the behavior of the attackers and realize the significance of what they are monitoring. Without identity, there's no way to create a baseline, and without a baseline, there's no way to keep up with the deluge of data that will only grow.