How to be compliant with Intelligent IAM

Posted by Steve Morin -Director, Product Management on Thu, May 19, 2016

A great deal of time and effort can be saved during management reviews and audits by using an Intelligent IAM solution to provide reports, including filtering and drill-down capabilities, trend information, and data visualization tools. These not only give managers a high-level view of progress toward goals (such as eliminating orphaned accounts and policy violations), but also show auditors that efforts have been made to address high-risk issues, such as monitoring access to the most sensitive data stores and controlling the entitlements given to privileged users. Here are a few other ways that using an Intelligent IAM solution can impact your goal of true compliance:

Continuous Improvement of Provisioning and Governance

Most users of Intelligent IAM solutions focus on the immediate benefits provided by continuous monitoring, rapid response to immediate threats, and tools to analyze risks, patterns, and trends. But organizations shouldn't overlook the importance of strengthening their investment in existing IAM systems.

Intelligent IAM can support the continuous improvement of account provisioning, governance, and other IAM processes. By providing visibility to key areas of access risk, organizations can immediately respond and take action by either doing a microcertification to fully inspect suspect access or take a deprovisioning action against a known violation. While having a fixed schedule for access reviews is important to ensure compliance, enabling continuous reviews as and when risks become visible ensures best practice governance that continuously improves and enables a more efficient provisioning and compliance process.

Reducing over-provisioning and under-provisioning

Over-provisioning and under-provisioning are occupational hazards for everyone who defines and manages roles. Over-provisioning creates security vulnerabilities by granting unnecessary entitlements to a role. Often this comes about when a single individual with unique needs requests new access levels or entitlements that are then assigned to the role rather than to the individual, and the entitlements are mistakenly given to everyone in that role. This potentially leads to everyone in the role being over-provisioned, creating an access risk and circumventing a Least Privilege Model, which should be a best practice.

Under-provisioning occurs when an entitlement that’s genuinely needed for a role isn't assigned, forcing all or most people in the role to request that entitlement on an exception basis. This is a drag on the productivity of the employees and of the managers and resource owners who must repetitively review and approve their ad-hoc requests.

Intelligent IAM helps people who define and manage roles reduce over-provisioning and under-provisioning. With a few clicks, they can determine the following:

  • Which entitlements are rarely or never used by current members of a role, so those entitlements can be removed from the role
  • Which entitlements are frequently or always requested by members in a role, so those entitlements can be added to the role
  • Which individuals have excessive entitlements compared with others in the role, so the behavior of those individuals can be examined and the individuals can be assigned to more appropriate roles

Activity related information, such as last login and last transactions executed, also provides insight into whether rights are really needed. For example, if a resource hasn't been accessed for three months, there's a strong chance it's not required for that individual or others in the same role.
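An added example (not code from the original post or from Courion's product) of the three role-mining checks above plus the last-use rule, run over a constructed dataset; the data layout, thresholds and function names are assumptions:

```python
from collections import Counter
from datetime import date, timedelta
from statistics import median

# Constructed sample data (not from the original post): one role with five
# members, the entitlements each member actually holds, when each (user,
# entitlement) pair was last exercised, and grants made by exception request.
TODAY = date(2016, 5, 19)
ROLE_MEMBERS = {"financial_analyst": ["alice", "bob", "carol", "dave", "erin"]}
ROLE_ENTITLEMENTS = {"financial_analyst": {"erp_read", "erp_post_journal", "reporting_db"}}
USER_ENTITLEMENTS = {
    "alice": {"erp_read", "erp_post_journal", "reporting_db", "treasury_dashboard"},
    "bob":   {"erp_read", "erp_post_journal", "reporting_db", "treasury_dashboard"},
    "carol": {"erp_read", "erp_post_journal", "reporting_db", "treasury_dashboard"},
    "dave":  {"erp_read", "erp_post_journal", "reporting_db", "treasury_dashboard",
              "hr_payroll_admin", "ad_domain_admin", "sql_sysadmin", "finance_share_write"},
    "erin":  {"erp_read", "erp_post_journal", "reporting_db"},
}
# Last time each pair was used; a pair absent here was never used.
LAST_USED = {
    ("alice", "erp_read"): TODAY - timedelta(days=1),
    ("bob", "erp_read"): TODAY - timedelta(days=3),
    ("carol", "erp_read"): TODAY - timedelta(days=2),
    ("dave", "erp_read"): TODAY - timedelta(days=7),
    ("erin", "erp_read"): TODAY - timedelta(days=1),
    ("erin", "erp_post_journal"): TODAY - timedelta(days=120),
    ("alice", "reporting_db"): TODAY - timedelta(days=5),
    ("bob", "reporting_db"): TODAY - timedelta(days=10),
    ("alice", "treasury_dashboard"): TODAY - timedelta(days=1),
    ("bob", "treasury_dashboard"): TODAY - timedelta(days=2),
    ("carol", "treasury_dashboard"): TODAY - timedelta(days=4),
    ("dave", "treasury_dashboard"): TODAY - timedelta(days=30),
}
# Entitlements obtained on an exception basis, outside the role definition.
EXCEPTION_GRANTS = [
    ("alice", "treasury_dashboard"), ("bob", "treasury_dashboard"),
    ("carol", "treasury_dashboard"), ("dave", "treasury_dashboard"),
    ("dave", "hr_payroll_admin"), ("dave", "ad_domain_admin"),
]


def _recently_used(user, ent, today, max_idle_days):
    last = LAST_USED.get((user, ent))
    return last is not None and (today - last).days <= max_idle_days


def stale_role_entitlements(role, today=TODAY, max_idle_days=90, min_active_share=0.2):
    """Entitlements in the role definition that fewer than min_active_share of the
    members have used within max_idle_days: candidates to remove from the role."""
    members = ROLE_MEMBERS[role]
    stale = []
    for ent in sorted(ROLE_ENTITLEMENTS[role]):
        active = sum(_recently_used(u, ent, today, max_idle_days) for u in members)
        if active / len(members) < min_active_share:
            stale.append(ent)
    return stale


def candidate_role_entitlements(role, min_request_share=0.6):
    """Entitlements most members obtained by exception request: candidates to
    add to the role so the repeated ad-hoc approvals stop."""
    members = set(ROLE_MEMBERS[role])
    counts = Counter(ent for u, ent in EXCEPTION_GRANTS
                     if u in members and ent not in ROLE_ENTITLEMENTS[role])
    return sorted(ent for ent, n in counts.items() if n / len(members) >= min_request_share)


def over_entitled_members(role, ratio=1.5):
    """Members holding at least ratio x the role's median entitlement count,
    mapped to the entitlements they hold beyond the role definition."""
    members = ROLE_MEMBERS[role]
    sizes = {u: len(USER_ENTITLEMENTS[u]) for u in members}
    threshold = ratio * median(sizes.values())
    return {u: sorted(USER_ENTITLEMENTS[u] - ROLE_ENTITLEMENTS[role])
            for u in members if sizes[u] >= threshold}


def unused_entitlements(user, today=TODAY, max_idle_days=90):
    """Entitlements this user holds but has not exercised in max_idle_days
    (the three-month rule from the text): likely not required."""
    return sorted(e for e in USER_ENTITLEMENTS[user]
                  if not _recently_used(user, e, today, max_idle_days))
```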

Closing the Governance Gap with Continuous Monitoring

Organizations have blind spots when it comes to violations of security and privacy rules. Account provisioning systems provide users with appropriate access to corporate resources when they join a company or change roles. However, changes and exceptions to rules and roles over time introduce excessive rights for individuals, leading to policy violations and access-related vulnerabilities. In many organizations, access permissions are granted outside of approved provisioning processes. An example would be when application or database administrators grant access rights based on direct requests from a user.

Organizations should run periodic certifications asking managers to verify that existing access rights for their subordinates are necessary and appropriate. Unfortunately, busy managers often treat these as "rubber stamp" exercises. They don't take the time to review each entitlement and consider its implications. In many cases, they lack the knowledge and tools to identify policy violations. In other cases, the sheer volume to be reviewed is so overwhelming that reviewers do not thoroughly examine access during the certification review.

An Intelligent IAM solution can address these problems by providing not only the prevention on the front end but also continuous monitoring of identity and access-related data and events throughout the life of the user. Violations can be identified as soon as they occur (see Figure 3-2). Changes made outside approved provisioning processes can be flagged and reviewed. Data can be correlated to pinpoint Segregation of Duties (SoD) violations and other complex policy violations before they can be exploited.

Preventing Policy Violations at the Point of Origin

Even with an advanced account provisioning system, managers and resource owners find it very difficult to identify SoD and other policy violations.

An Intelligent IAM solution can be integrated with a provisioning system to flag potential policy violations at the time an access request is being reviewed. It can also give the reviewing manager or resource owner tools to drill down and look at the recipient's current entitlements and those of his or her peers, to determine if the request is necessary and appropriate. It's far less work to prevent a policy violation at the point of origin than to find it during a large-scale certification (or through a security breach).

In the near future, intelligent IAM solutions may be able to improve provisioning decisions by supplying recommendations based on real-time risk scoring. This would allow decisions to be made based on the risk profile of the enterprise, users, applications, and resource at the time of provisioning.

One example of such "intelligent provisioning" would be to set up three workflows so that:


  • Low-risk access requests (as determined by the organization in the IAM solution) are granted automatically without requiring the attention of a manager.
  • Medium-risk requests are sent by the provisioning system to a manager for approval.
  • High-risk requests require approval by a manager and escalation to a higher level executive for final approval.


With changing policies, regulations, access, and more, it is hard to keep up with the trillions of relationships that exist within an organization on any given day. With an Intelligent IAM solution, adapting to these changes is considerably more effective and straightforward. By giving managers increased visibility of the tasks, goals, and issues at hand, an Intelligent IAM solution allows for both better efficiency and productivity within the company. By enabling continuous reviews, an intelligent solution ensures that high-risk situations can be monitored and corrected immediately. It also helps audits run smoothly by providing reports, including filtering and drill-down capabilities, trend information, and data visualization tools. Not only will an Intelligent IAM solution help you pass your audit, but it will put your organization on the path to true compliance.

Want to learn more about how intelligence can impact your organization's approach to compliance? Download our new eBook Improving IAM with Intelligence for more information or schedule a demo to see Access Insight 9 at work.

Tags: access compliance, access rights, Access Insight, access risk, compliance

Why Deleting Security Groups Doesn't Have to be Scary

Posted by Ashley Sims - Marketing Manager on Thu, May 12, 2016


A few months ago our very own Chris "Sully" Sullivan, GM- Analytics/Intelligence, delivered a speech to the Gartner Identity and Access Management Summit to a group of IAM ninjas in London. Confession - I love hearing Sully speak. I always learn something and I love seeing the crowd as they learn these things along with me. However, at this event I was actually more surprised than usual at the response that he got when he asked the simple question "how many people here delete security groups?"


You might as well have asked them if they would be willing to donate a kidney to a stranger or had forgotten their cell phone at home that morning. Needless to say, most everyone sort of looked at Sully like he was crazy, which was exactly what he was going for.


The reason, he explained, that no one deletes these groups is because they can't tell what is in them. Can you imagine deleting a group because you thought no one needed it and it turns out that you just shut off your CEO's access to an application that he/she uses daily? Not a good look for the security team.


Sully's point for the presentation was that now, with access intelligence, you no longer need to be afraid of deleting these groups and cleaning up your network because you can finally drill down into these security groups and understand exactly what is at stake. The primary reason companies are loath to delete security groups in Active Directory is because they simply don’t understand the complexity of access such as how access is granted, nested entitlements, and direct versus indirect assignment of access.


All businesses, regardless of industry, are faced with an exploding universe of identities, devices and data that employees require to do their job. The expanded use of mobile and cloud devices, along with non-employee and transitional employee access means that risk management and compliance is extending far beyond traditional enterprise limits. This can equate to trillions of access relationships that put your company at risk. How are you supposed to see into all of these relationships and understand the risks they pose?


With actionable intelligence through Access Insight 9.0 you get a comprehensive and continuous view and analysis of these trillions of relationships between identities, access rights, policies, resources, and activities. Our analytics engine pulls in these large amounts of identity and access data and stores them in its proprietary in-memory access analytics engine. The "engine" correlates relationships that exist between user identities and their fine-grained access within an organization. These analytics identify potential risk in a current and historical perspective in lines of business, governance, operations and applications.


For example, our Access Explorer builds every Active Directory Group out in a spider diagram so that you can see whose access is connected and where your privileged accounts are linked.


Not only can you drill down into these details, but our analytics provide the ability to analyze large amounts of identity and access data against policy and company-defined models of activity patterns. This lets you personalize policies for your organization and, as those policies change, be notified immediately of any signal of dishonest or malicious behavior. Imagine having a solution that would automatically alert you and require a micro-certification when an account had access to do more than you believe it should.


It's time to start using all of this collected data to our advantage. It's time to start looking at our access relationships and prioritizing the risks our organization faces. Whether you have an Identity and Access Management solution or are working within your Active Directory, Access Insight can put your data to work for you.


Want to see how this looks within your organization? Request a demo of our Access Insight solution and see how actionable intelligence can help prioritize risk and transform your organization's security.


Tags: access rights, Access Insight, access risk, intelligent IAM, identity and access governance, Identity & access management, intelligent identity and access governance, intelligent identity and access management

How Intelligence Enhances Your Cyber Security

Posted by Emily Turner- Product Owner, Access Insight on Thu, May 05, 2016

If you are reading this blog, you most likely understand the benefits of adding identity and access management (IAM) solutions to your business. However, what if you could make that solution better, faster, and help you become proactive instead of reactive? You can! Just add intelligence.

Adding intelligence to your IAM solution can turn complex data into actionable information and find trouble spots, as well as high risk areas. It can compare across roles and with peers, as well as investigate high-risk individuals, groups, and situations. 

Adding Intelligence

By connecting with an organization's applications and collecting information, IIAM solutions continuously monitor information about identities and collect data related to resources (including applications, databases, and files), access rights, access policies, and user activities such as creating accounts and logging on to applications.

This information, which may amount to gigabytes or terabytes of data, is organized in a data warehouse, as seen in Figure 1. Identity and Access Intelligence (IAI) is applied and analyzes the identity and access data using advanced analytic tools to perform data mining, statistical analysis, data visualization, and predictive analytics.

Figure 1: Data dissemination capabilities when using IAM

These data analysis tools aren't generic. They draw on IAM-specific policies, rules, and risk indicators to provide information of immediate value to IAM administrators, analysts, compliance officers, and incident responders.

An Intelligent IAM solution provides the following:

  • Reports and graphics showing IAM activities and risk factors
  • Notifications and alerts about policy violations and suspicious events
  • "Micro-certifications" triggered by questionable activities and events
  • Automatic remediation, such as removing entitlements and disabling administrator accounts obtained without approval
  • Risk scores that can be shared with provisioning systems and other applications (for example, a score that can be used to determine if special approvals are needed for a provisioning request)
  • Ad-hoc reports and analyses, created by analysts to explore specific issues and risks

These capabilities allow Intelligent IAM solutions to help organizations overcome the governance gap, the complexity gap, and the context gap.

Rapid Response: Turn Complex Data into Actionable Information

An Intelligent IAM solution should not only be able to monitor key data continuously, but should also provide a flexible range of options for rapid response and remediation. In most cases, the appropriate option is a notification or alert to a staff member who can investigate and determine whether or not the alert represents an issue that requires follow-up.

In other cases, a specific action should be triggered, such as a micro-certification, or even automatic remediation. In all cases, the solution should not only provide notification of a possible violation or issue, but should also provide related data and, if possible, recommended actions to make it easier to address the situation. The solution can also improve security analysis and risk management.

Finding Trouble Spots and High Risk Areas

An Intelligent IAM solution can pinpoint trouble spots and weak points, and quickly answer key questions such as the following:

  • Which accounts have the most privileged entitlements and haven't reset a password in hundreds of days?
  • Which individuals have the highest number of access rights when compared to peers?
  • Which business units have the most orphan accounts?

An Intelligent IAM solution can provide answers to questions in seconds, helping security and IAM analysts to:

  • Quickly detect potential indicators of attacks and security breaches (for example, a user account receives privileged access directly to a target application)
  • Focus their efforts on high-risk situations (for example, accounts with many privileged entitlements that haven't reset their passwords in over 90 days - check out Figure 2-3)

Comparisons across Roles and with Peers

An IAM solution can correlate data to compare users with others in the same role, or with any individual in the organization who might provide a useful benchmark. Analysts, business managers, and resource owners can answer questions like "Does John Smith have more access rights than other financial analysts?" and "How do the access rights available to John Smith compare with those of Jane Jones and William Brown?"

These comparisons are extremely useful for assessing new access requests from individuals, for identifying excessive rights that accumulate when people move through different positions, and for highlighting outliers that may indicate a process problem or a misbehaving user.

Comparisons with peers also have the advantage of giving enterprises a way to identify elevated access (and risk) without the expense of a major initiative to define and manage roles.

Investigating High-Risk Individuals, Groups, and Situations

With an intelligent IAM solution, you can investigate and analyze high-risk individuals, groups, and situations, as well as compliance violations. This process makes it easier to answer questions like the following:

  • Are there domain administrator accounts whose passwords have never been changed?
  • Which non-sales systems has this salesperson been accessing?
  • Is anybody accessing patient medical information without a genuine "need to know"?
  • Which accounts with at least five entitlements haven't been used in more than 30 days?
  • Does this account have a suspicious number of privileged entitlements?
  • Should part-time employees receive all the access rights they are routinely granted?
  • Do contractors continue to access resources after their projects end?
  • Are system administrators routinely assigned rights they don't need to perform their jobs?
  • Does this business unit have an abnormal number of accounts with unnecessary entitlements (that is, access rights that have never been used)?
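As an added illustration (not code from the post or from Access Insight), here is the kind of query logic behind several of the questions above and in the "Finding Trouble Spots" list, run over a constructed account inventory; the record layout, the privileged-entitlement set and the thresholds are assumptions:

```python
from collections import Counter
from datetime import date, timedelta

# Constructed sample account inventory (not from the original post). Each record
# is what a correlated IAM warehouse would hold: the owning identity (None means
# no identity claims the account, i.e. an orphan), business unit, account type,
# password set date, last login, optional contract end date, and every
# entitlement with HOW it was granted ("role:..", "group:.." or "direct").
TODAY = date(2016, 5, 5)
PRIVILEGED = {"domain_admin", "db_sysadmin", "erp_post_journal", "payroll_admin"}


def _d(days_ago):
    return TODAY - timedelta(days=days_ago)


ACCOUNTS = [
    {"account": "jsmith", "owner": "John Smith", "unit": "Finance", "type": "employee",
     "pw_set": _d(200), "last_login": _d(2), "contract_end": None,
     "entitlements": {"erp_read": "role:financial_analyst",
                      "erp_post_journal": "role:financial_analyst"}},
    {"account": "svc_backup", "owner": None, "unit": "IT", "type": "service",
     "pw_set": _d(400), "last_login": _d(1), "contract_end": None,
     "entitlements": {"domain_admin": "group:BackupOps"}},
    {"account": "old_intern", "owner": None, "unit": "Finance", "type": "employee",
     "pw_set": _d(60), "last_login": _d(100), "contract_end": None,
     "entitlements": {"erp_read": "role:financial_analyst", "reporting_db": "direct",
                      "finance_share": "direct", "crm_read": "direct", "vpn": "direct"}},
    {"account": "cwong", "owner": "Cindy Wong", "unit": "Engineering", "type": "contractor",
     "pw_set": _d(20), "last_login": _d(3), "contract_end": _d(15),
     "entitlements": {"git_write": "direct", "vpn": "group:Contractors"}},
    {"account": "dlee", "owner": "Dan Lee", "unit": "Sales", "type": "employee",
     "pw_set": _d(10), "last_login": _d(1), "contract_end": None,
     "entitlements": {"crm_read": "role:sales", "db_sysadmin": "direct"}},
    {"account": "rpatel", "owner": "Ria Patel", "unit": "Finance", "type": "employee",
     "pw_set": _d(30), "last_login": _d(1), "contract_end": None,
     "entitlements": {"erp_read": "role:financial_analyst"}},
]


def _age(d, today):
    return (today - d).days


def privileged_with_stale_password(accounts=ACCOUNTS, today=TODAY, max_age_days=90):
    """Accounts holding a privileged entitlement whose password is older than max_age_days."""
    return sorted(a["account"] for a in accounts
                  if PRIVILEGED & set(a["entitlements"])
                  and _age(a["pw_set"], today) > max_age_days)


def dormant_with_many_entitlements(accounts=ACCOUNTS, today=TODAY,
                                   min_entitlements=5, idle_days=30):
    """Accounts with at least min_entitlements that have not logged in for idle_days."""
    return sorted(a["account"] for a in accounts
                  if len(a["entitlements"]) >= min_entitlements
                  and _age(a["last_login"], today) > idle_days)


def orphans_by_unit(accounts=ACCOUNTS):
    """Number of accounts per business unit that no identity owns."""
    return Counter(a["unit"] for a in accounts if a["owner"] is None)


def contractors_past_end(accounts=ACCOUNTS, today=TODAY):
    """Contractor accounts that logged in after their contract end date."""
    return sorted(a["account"] for a in accounts
                  if a["type"] == "contractor" and a["contract_end"] is not None
                  and a["contract_end"] < today and a["last_login"] > a["contract_end"])


def direct_privileged_grants(accounts=ACCOUNTS):
    """(account, entitlement) pairs where privileged access was granted directly,
    bypassing role- and group-based provisioning: worth a micro-certification."""
    return sorted((a["account"], e) for a in accounts
                  for e, via in a["entitlements"].items()
                  if e in PRIVILEGED and via == "direct")
```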


Can your Identity and Access Management solution do all of this? With Access Insight 9.0 it can! Access Insight 9.0, Courion's newest intelligence tool, works with Courion's IAM solution, another vendor's, or even when no IAM solution is present, to help you make sense of your complex access relationships.

Want more information on how intelligence improves IAM? Download our eBook "Intelligent IAM for Dummies" or schedule a demo of Access Insight 9.0 for your organization and learn how you can get the most out of your complex data.


Tags: Access Insight, IAM, access risk, intelligent IAM, IIAM

What's New in Access Insight 9.0?

Posted by Emily Turner- Product Owner, Access Insight on Tue, May 03, 2016


Businesses in all industries need to manage the exploding universe of identities, devices and data employees require to do their jobs. To help make sense of the trillions of relationships, today Courion releases Access Insight 9.0.

Access Insight identifies the risk associated with any misalignment between users and their access within your organization and drives provisioning and governance controls to manage that risk. Specifically designed to answer the critical questions “Who has access to what resources?” and “Have they been given the right level of access?” Access Insight provides IT security, compliance, business and risk professionals with the data and tools they need to successfully deal with these complex challenges.

How does Access Insight 9.0 Work?

Access Insight provides a comprehensive, continuous view and analysis of the trillions of relationships between identities, access rights, policies, resources and activities across a multitude of enterprise systems and resources. Access Insight:

  • Works with Courion’s industry-leading portfolio of IAM solutions, or in conjunction with other IAM solutions to identify potential risks to the business, so you can quickly modify access as needed.
  • Is platform agnostic, and integrates with virtually any data source and commonly used IAM and/or security management application (e.g., SIEM, DLP, AD and others).
  • Enables you to easily configure policies that align with your organization’s corporate and regulatory policies – alerting you to intentional or unintentional violations.

The Access Analytics Engine

Access Insight 9.0 boasts a new analytics engine based on the technology Courion acquired from Bay 31 in 2015. This engine enables companies to analyze complex data at significant scale with incredible speed. Access Insight pulls large amounts of identity and access data in continuously, and stores this in its proprietary in-memory access analytics engine. The "engine" correlates identity and access relationships to identify and prioritize risks, surfacing all deeply nested relationships that exist between user identities and their fine-grained access within an organization. These analytics identify potential risk in a current or historical perspective in lines of business, governance, operations and applications.

How it Works:

  • A business-friendly dashboard offers a variety of graphical displays and interactive interfaces, so that an organization’s access-related risks and risk levels can be easily viewed by line of-business managers and authorized users.
  • The access analytics engine continuously gathers and synchronizes an organization’s IAM and IAG information from multiple sources to compile a complete picture of an organization’s identities, access rights, resources and activity.
  • Automated data collection increases operational efficiency and reduces operational costs by eliminating labor-intensive IAM processes and drawn out efforts to demonstrate compliance.
  • Continuous governance and automated policy management provides the ability to automatically evaluate and act upon risks associated with users' access and activities in accordance with an organization's corporate controls and government regulations, enabling you to proactively create and enforce policies.
  • Automated notifications alert you to changes and non-adherence to your organization’s corporate and regulatory policies; notify you of any conflicts and enable the swift assessment of risk level so appropriate action can be taken immediately allowing you to continuously maintain compliance.
  • Remediation controls automatically identify and remediate improper access, including intentional and malicious changes to user access that could harm your organization, as well as unintended changes to access.
  • Access analytics provide the ability to analyze large amounts of identity and access data against policy and company defined models of activity patterns. Changes in normal access activity patterns may be a signal of dishonest or malicious behavior. Quickly identify unused or obsolete access entitlements.
  • Drill-down capability allows you to further investigate details for potential threats and resolve risks immediately.

To learn more about Access Insight 9.0, view our datasheet or request a demo with one of our solutions consultants.

Tags: Access Insight, access risk, intelligent IAM, IIAM, intelligent identity and access management

What does "Compliance" mean to you?

Posted by Ashley Sims - Marketing Manager on Thu, Apr 07, 2016

Compliance is a word that we hear a lot in our business. Broadly, it is defined as "the action or fact of complying with a wish or command." 

If that seems like a simple definition, it's because it is. It's too simple. In today's world, not only do you have to comply with the wishes of customers, vendors, and board members; you have to make sure that you are compliant with any one of several governing boards in your industry. 

HIPAA. SOX. NIST. PCI-DSS. These are just a few of the most well-known regulations that businesses have to follow, and they all create very unique challenges for organizations. 

In order to get a better handle on what "compliance" means outside of Webster's definition, we asked some of our friends around the cyber-security industry to help us out and answer the seemingly simple question: "What does 'Compliance' mean to you?"

"What does compliance mean to me? In short, it’s the bare minimum standard we must meet in order to be able to demonstrate security. Compliance gives us a common language to use between regulators, auditors and security to evaluate the effectiveness of our controls."

Brent Comstock - VP, Identity & Access Management, Elavon 

"Compliance is simply defined as the ability to comply with a set of rules or requests.  As a CFO, we typically think of this as ensuring the organization has the requisite systems of internal control that adequately manage the risks that the corporation faces in multiple areas (such as legal risk, financial risk, regulation risk, IT risk, data risk, etc). Interesting to note that organizations continue to equate compliance with security with an inappropriate reliance on historical system compliance procedures leading them to mistakenly believe that their company is more secure."

Curtis Cain - CFO, Courion Corporation 

"With Information Security this goes further and it is more than just acting in accordance with regulatory conditions or requirements.  It is consistently acting with initiative, which according to Victor Hugo is “doing the right thing without being told.”  For one reason or another, some wait until they are told what is right or wrong prior to acting, but this places industries at risk, especially if they are not taking steps to proactively protect their technologies and the information housed within."

Alex Naveira, CISSP, CISA - Director, ITGA & CISO, Miami Children's Hospital 

"In order to be successful and achieve the appropriate level of compliance, the CIO must advocate for a Compliance Governance within the HCO.  The CIO can be the catalyst but it will take a village of leadership and stakeholders to weather the strong currents that drive compliancy."

William "Buddy" Gillespie, HCISPP, ITILv3 - WJGillespie HIT Consulting  

Do these definitions ring true in your business? If not, tell us what compliance means to you in the comments. 

Looking for more information on how your organization can become or remain compliant? Courion and Core Security have multiple options for maintaining compliance across all industry and government regulations. Find out more here or contact us at


Tags: access compliance, hipaa compliance, access risk, compliance

How does Vulnerability and Access Risk Management Work?

Posted by Felicia Thomas on Thu, Mar 31, 2016

When a company wants to prevent breaches that come through vulnerabilities, it can detect them with a vulnerability scanner. These scanners will show all vulnerabilities in the infrastructure, from tens to thousands, based on the size of the network. In addition, many vulnerability management solutions offer antivirus software capable of fact-finding analysis to discover undocumented malware. If it finds software behaving suspiciously—such as attempting to overwrite a system file—it will provide an alert.

Fast-acting correction of these vulnerabilities, such as adding security solutions or educating users about social engineering, will be the difference between exposing a system to potential threats and protecting the system from those threats.

Access risk management (ARM) is the part of an IAM solution that identifies, assesses, and prioritizes risks from an access provisioning and compliance perspective. Because risk comes from many sources, access risk management continuously monitors a system while providing preventative measures to manage user access and account entitlements.

Having VARM as a threat solution helps when identifying the sources of potential risk. Risk sources are often located not only in technological assets but within infrastructure and other tangible elements. It is extremely difficult for IT security personnel to apply an objective and systematic observation of the state of their network without a solution in place. Utilizing VARM helps to identify not only that something is wrong, but also supports a clear understanding of how, when and where to act on a potential threat.

Want to learn more about Vulnerability and Access Risk Management and how it can help your organization? Download our new eBook and learn:


  • How Vulnerability and Access Risk Management really works
  • VARM's impact on governance and remediation 
  • Tools to remediate vulnerabilities 
  • Prioritization for reducing risk 
  • Check list for a VARM solution 

Tags: access governance, access risk, access management, vulnerability management, vulnerability risk management, vulnerability, Vulnerability and access risk management, VARM

Checklist for a Vulnerability and Risk Management Solution

Posted by Felicia Thomas on Thu, Mar 10, 2016

Tags: access rights, access risk, identity and access management, Identity & access management, vulnerability management, vulnerability risk management, vulnerability, Vulnerability and access risk management, VARM

What is Vulnerability and Access Risk Management?

Posted by Felicia Thomas on Thu, Mar 03, 2016

Threat intelligence is a company's worst nightmare, which pushes cyber security and risk management to the top of the list for standard operating procedures (SOP). Traditional risk management is a thing of the past, and corporations have begun investing in top-notch security solutions for their various databases. Although no solution will ever be 100% capable of preventing attacks, there are solutions that can help provide roadblocks to deter these occurrences. With proper detection solutions, a company becomes proactive—rather than reactive—to fight against vulnerabilities that exist in their systems.

Large organizations are riddled with increasing threats to their system infrastructures and customer data. The vast majority have moved into protecting these assets with Identity and Access Risk Management (IAM). An emphasis on compliant provisioning of users, identifying management of roles, the maintenance of compliant roles, and processes to manage segregation of duties (SoD) are the focuses of this type of management tool. However, in some cases, the traditional IAM solution is not enough protection against threats.

Many large corporations want an automated, rules-driven solution that can provide quick remediation around network access controls. However, before an attack occurs and remediation can begin, there is the challenge of anomalous activity detection from the infrastructure level. To help with this detection, many companies have instituted consistent monitoring by scanning the system for potential threats to safeguard their infrastructures.

Dynamic provisioning capabilities through IAM, combined with vulnerability management to deter attacks at the infrastructure level, position a corporation to achieve the best level of protection possible. This combination is what the acronym VARM stands for: Vulnerability and Access Risk Management. It is not just a first line of defense; it is a complete, end-to-end solution intended to break the "kill chain" of system threats within the enterprise.

Want to learn more about Vulnerability and Access Risk Management and how it can help your organization? Download our new eBook and learn:

  • How Vulnerability and Access Risk Management really works
  • VARM's impact on governance and remediation
  • Tools to remediate vulnerabilities
  • Prioritization for reducing risk
  • Checklist for a VARM solution

Tags: access risk management suite, IAM, access risk, intelligent IAM, identity and access management, Access Risk Management, Identity & access management, vulnerability management, vulnerability risk management, vulnerability, Vulnerability and access risk management, VARM

A New Weapon of Mass Destruction?

Posted by Debbie Louis on Mon, Feb 10, 2014

The words “weapon of mass destruction” are not a common household term, but it is one that is often bandied about in my home. This has come about because my husband is an academic whose entire career has focused on nuclear weapons, arms control, and American defense policy. So we often characterize household issues using uncommon vernacular that fits within these categories.

It occurred to me recently that while “weapon of mass destruction” has been used for the past 80 years to identify chemical, nuclear and biological weapons, there is another weapon lurking out there that can also be characterized as a WMD because it too can cause great harm and destruction. And while the magnitude of this new weapon can’t be compared to the loss of life caused by atomic missiles and chemical weapons, the magnitude of destruction it can cause is also massive. While this new threat can be characterized as a “weapon of terror” or a “weapon of intimidation”, it is more commonly known as “cyber technology threat”. Regardless of the specific designation, however, the bottom line is that all these weapons cause significant, destructive impact within seconds of reaching their target. And the targets themselves can vary from cities, to specific individuals in enemy territory, to network systems, to private health care information, to our personal financial information, to our children’s school and sports schedules.

The opportunity for this new WMD to cause harm presents itself in a seemingly innocent and innocuous way. It begins with a password. It begins with access. And here again, the analogy to the nuclear world is very clear. Unauthorized access has been a challenge and major concern since the first atomic bomb was designed. Imagine a stereotypical movie scene in which two military personnel desperately struggle to reach the missile launch switches that must be thrown simultaneously? Or the codes which are dispersed so that no one individual has the power to authorize a missile launch? We take great care to manage access to nuclear power in whatever form. We must now take great care to prevent access by the new WMD.

These threats clearly occur at multiple levels: threats to individual privacy, to corporate information and operations, to critical social infrastructure (electricity grids, for example), and even to military activities. And we have seen incidents of these threats continue to rise in number as technology becomes more sophisticated and we become more dependent on new technologies to navigate through our daily lives as students, farmers, sports enthusiasts, software programmers, or professionals.

Intelligent IAM is the best defense system that can be installed to manage access risks. Think of it in the same way we think of missile defense systems. Think of it as an Early Warning System that initiates alerts to possible issues and questionable behaviors. Think of it as a system that prevents massive destruction by the new WMD, cyber technology threat.

Tags: intelligence, Louis, IAM, access risk, cyber technology, intelligent IAM, cyberterrorism, password, Debbie

There’s a Mouse in My House: Access Rights, Activity and Auto Repair

Posted by Doug Mow - CMO on Mon, Dec 02, 2013

The plight of the marketer is to distill the essence of a company’s mission in a way that it can be easily understood by virtually anyone. Since joining the IAM technology sector, I have sought a way to describe identity and access management to my mother. My mother is not stupid. She is on the board of three organizations. She hangs out with high-powered people such as politicians, journalists and rock stars like Joan Jett. She possesses the wisdom of a woman approaching 80 years old. But she does not know what IAM stands for, and recently, when I encountered a ‘domestic issue’, I realized that it provides the perfect metaphor to help my mother better understand IAM and access risk.

We at Courion examine data relevant to identities, rights and entitlements, policies, resources and activities.  I will map these as they exist in my household:

With our daughter now in college, there are four ‘users’ in our household. It’s me, my wife, our cat and a newly acknowledged mouse. By newly acknowledged, I mean that while we knew we had a co-habitant, we were willing to coexist peacefully with the ‘orphan account’ until recent activities, as described below, heightened our awareness.

Our role definitions are:

- I am the primary bread winner and alpha male. While I do not drink beer, I do enjoy watching football and other sports. I have access rights and entitlements to most everything, but not all things.

- My wife is the property manager and executive management. She has privileged access to all resources and must approve some things for me. For example, I must “ask permission from management” before I blow off yard work to go play golf. That is our segregation of duties to ensure that there is no taking advantage of the system.

- The cat thinks he is the alpha male, but is not. He thinks he has privileged access but he does not. In my view, he has rights in excess of his role and he’s always looking for more and is very vocal about it – especially at mealtime.

- The mouse is the rogue entity. Nobody provisioned access for him, although he probably considers us the intruders. We suspect he hacked his way in with an advanced persistent attack.

We have policies that govern our actions. I do the yard work, keep the cars maintained, and loaf around on Sundays. My wife keeps the home, manages finances, and provides executive oversight. The cat is an indoor cat, so he willingly enforces the “don’t go outside” policy himself and is forbidden to go in certain areas of the house. The mouse, unaware of any policies, seems to have the run of everything – the worst orphan account, excessive rights and privileged access case I’ve ever seen.

My wife has system administrator access to all resources at all times. There are resources she chooses to avoid, like power tools and other gasoline powered items. I have system administrator access to some things, but not all.  For example, my wife writes the checks. If I want to write a check I have to ask her for one (more SoD).

The cat thinks he can access all resources, but hey, he’s a cat so perception is reality. He roams freely and has multiple spots to crash. But he doesn’t spend money or use power tools, so access risks are low.

The mouse, on the other hand, is another story altogether. Unfortunately, we thought the orphan account was harmless, but recent further examination of the mouse’s ‘activity’ illuminated our organization’s resource access problems.

My car is in the shop right now. Apparently, the mouse, given his unchecked elevated access privileges, built a nest under the hood of my car. What’s more, he’d taken cat food from the house and carried it to the car to build the rodent equivalent of a two-story condo with a gourmet kitchen in my engine compartment – the heat of the engine is his microwave. To add insult to injury, he dined on the ignition wiring harness – apparently quite the tasty dish. Who said he had access to that level of cuisine? And, where’s the cat?  It’s his responsibility to watch that access and revoke privileges. 

It was the twice annual audit (routine car maintenance) and the large fines and penalties (auto repair bill) that highlighted these compliance violations. The car functioned fine last spring. I had no idea what had transpired since my last audit. And, everything seemed normal from the driver’s seat. How did all of this unwind without me knowing about it?

I clearly needed better role definition and access privileges. But, what I really needed was continuous monitoring so I could have stopped the construction of the mouse ‘pad’ before the damage was done.  I could have taken remedial action when I spotted it. My inaction is now costing me fines and penalties and the cat’s brand is tarnished beyond repair and his competence as a mouser is in question. In any case, I have to take serious action, now.  I am going to remove all access for the mouse/mice with a more drastic move. I have to de-provision all access as quickly as I can.

Ok, by using this metaphor I don’t mean to make light of people’s misfortunes other than my own.  Identity and access management and risk mitigation are serious business and can hurt organizations badly. Someone challenged my creativity to see if I could relate this story to IAM issues. What can this tell us?

Periodic reviews to check for compliance are required. But, do they reduce risks? Maybe. In this case, they can reduce the normal car care risks associated with oil changes, fuel injector replacements, routine maintenance and the like. They did not, however, reduce the unforeseen risks associated with unauthorized access and excessive rights. Continuous monitoring and frequent access checks would have mitigated the risk and kept things more in line.

How frequently does your organization conduct access certification reviews? Are you examining all access related activity to assess risk? Have you provisioned proper access from the start and do you have automated means to revoke access and privileges quickly?
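The three findings the story turns on (an orphan account, rights in excess of a role, and a segregation-of-duties conflict) are mechanical to check once identities, accounts, entitlements and role baselines are in one place. The script below is an added example, not Courion's product code and not from the post; it runs over a constructed household snapshot that mirrors the metaphor (identities, roles, accounts and SoD pairs are all made up here), and its `new_findings` function shows what continuous monitoring adds over a twice-yearly audit: the delta between two snapshots.

```python
from __future__ import annotations
from dataclasses import dataclass

# Added example: an access-risk review over constructed data (no real system).


@dataclass(frozen=True)
class Account:
    name: str
    owner: str | None            # identity id from the HR feed; None if none recorded
    entitlements: frozenset[str]


# --- Constructed sample data modelled on the household metaphor ---
IDENTITIES = {                   # active identities from "HR" and their assigned role
    "doug": "head_of_household",
    "wife": "property_manager",
    "cat": "pet",
}
ROLE_BASELINE = {                # entitlements each role is allowed to hold
    "head_of_household": {"yard_work", "car_maintenance", "golf"},
    "property_manager": {"finances", "write_checks", "approve_golf"},
    "pet": {"cat_food", "sofa"},
}
SOD_CONFLICTS = [                # pairs one identity must never hold together
    ("write_checks", "approve_checks"),
    ("golf", "approve_golf"),
]
ACCOUNTS = [
    Account("doug", "doug", frozenset({"yard_work", "car_maintenance", "golf"})),
    # a forgotten second account that quietly breaks SoD and exceeds the role
    Account("legacy-admin", "doug", frozenset({"write_checks", "approve_checks"})),
    Account("wife", "wife", frozenset({"finances", "write_checks", "approve_golf"})),
    Account("cat", "cat", frozenset({"cat_food", "sofa", "kitchen_counter"})),
    Account("daughter", "daughter", frozenset({"car_keys"})),  # owner left for college
    Account("mouse", None, frozenset({"cat_food", "engine_bay", "pantry"})),
]


def find_orphans(accounts, identities):
    """Accounts whose owner is missing or is no longer an active identity."""
    return {a.name for a in accounts if a.owner is None or a.owner not in identities}


def entitlements_by_identity(accounts, identities):
    """Aggregate what each active identity holds across all of its accounts."""
    held: dict[str, set[str]] = {}
    for a in accounts:
        if a.owner in identities:
            held.setdefault(a.owner, set()).update(a.entitlements)
    return held


def find_excess(accounts, identities, baseline):
    """Entitlements an identity holds beyond its role's baseline."""
    excess = {}
    for ident, held in entitlements_by_identity(accounts, identities).items():
        extra = held - baseline.get(identities[ident], set())
        if extra:
            excess[ident] = extra
    return excess


def find_sod_violations(accounts, identities, conflicts):
    """Identities holding both sides of a conflicting pair, across all accounts."""
    violations = {}
    for ident, held in entitlements_by_identity(accounts, identities).items():
        hits = [pair for pair in conflicts if pair[0] in held and pair[1] in held]
        if hits:
            violations[ident] = hits
    return violations


def review(accounts, identities=IDENTITIES, baseline=ROLE_BASELINE, conflicts=SOD_CONFLICTS):
    """One certification pass, returned as a flat set of finding keys for diffing."""
    findings = set()
    for name in find_orphans(accounts, identities):
        findings.add(("orphan", name))
    for ident, extra in find_excess(accounts, identities, baseline).items():
        for e in sorted(extra):
            findings.add(("excess", ident, e))
    for ident, hits in find_sod_violations(accounts, identities, conflicts).items():
        for pair in hits:
            findings.add(("sod", ident, pair))
    return findings


def new_findings(previous, current):
    """Findings that appeared since the last pass: what continuous monitoring surfaces."""
    return current - previous


if __name__ == "__main__":
    last_audit = review([a for a in ACCOUNTS if a.name != "mouse"])  # before the mouse moved in
    for f in sorted(new_findings(last_audit, review(ACCOUNTS))):
        print("new since last audit:", f)
```

Running `review` on a schedule reproduces the periodic certification; running it on every snapshot and acting on `new_findings` is the continuous monitoring the post argues for, and the orphan entries are the ones to deprovision first because no active identity can be asked to certify them.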

Tags: Doug, Mow, SoD, rights, orphan account, resources, certification, policies, access risk, identities, entitlements, audit, compliance, identity and access management, activity, system administrator, provision