As we continue to discuss Identity Management (IdM), this blog will focus on Internal IdM. Internal IdM is simply the identity management systems, policies, and practices an organization follows to grant access to its internal employees. Internal employees could also include contractors performing work for the organization.
It is almost impossible to talk about Internal IdM without also discussing the Principle of Least Privilege. The Principle of Least Privilege, sometimes referred to as the Principle of Least Authority, in simple terms means granting individuals access only to the systems or data they need to perform their function. Privilege creep is what most organizations fail to address, and it leads to non-adherence to the Principle of Least Privilege. Privilege creep happens when employees move around within the organization and need different access levels. Many times they will transition to the new position and inherit new access rights, but the part that is often overlooked is actually removing the permissions that are no longer needed. The result is a gradual accumulation of access to data or systems not required to perform the job.
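The access review that catches privilege creep can be expressed as a comparison between what a user holds and what their current role requires. The following is an added example, not part of the original post; the role names, entitlement strings and users are constructed for illustration.

```python
# Constructed sample data: roles, entitlements and users are hypothetical.
ROLE_BASELINE = {
    "helpdesk": {"ticketing:write", "ad:reset-password"},
    "sysadmin": {"ticketing:write", "servers:ssh", "backup:restore"},
    "finance-analyst": {"erp:read", "reports:finance"},
}

USERS = [
    {"id": "jdoe", "role_history": ["helpdesk", "sysadmin"],
     "entitlements": {"ticketing:write", "ad:reset-password",
                      "servers:ssh", "backup:restore"}},
    {"id": "asmith", "role_history": ["finance-analyst"],
     "entitlements": {"erp:read", "reports:finance"}},
    {"id": "contractor7", "role_history": ["sysadmin", "finance-analyst"],
     "entitlements": {"servers:ssh", "erp:read", "reports:finance", "vpn:admin"}},
]

def review_user(user, baseline=ROLE_BASELINE):
    """Compare a user's entitlements with the baseline of their current role."""
    *previous, current = user["role_history"]
    needed = baseline[current]
    excess = user["entitlements"] - needed
    findings = {"inherited": {}, "unexplained": set(),
                "missing": needed - user["entitlements"]}
    for ent in sorted(excess):
        # Attribute each excess entitlement to the earlier roles that granted it.
        sources = [r for r in previous if ent in baseline[r]]
        if sources:
            findings["inherited"][ent] = sources   # classic privilege creep
        else:
            findings["unexplained"].add(ent)       # granted outside any held role
    return findings

def access_review(users=USERS):
    """Return only the users with entitlements to revoke or investigate."""
    report = {}
    for user in users:
        findings = review_user(user)
        if findings["inherited"] or findings["unexplained"]:
            report[user["id"]] = findings
    return report

if __name__ == "__main__":
    for uid, f in access_review().items():
        for ent, roles in f["inherited"].items():
            print(f"{uid}: revoke {ent} (left over from {', '.join(roles)})")
        for ent in sorted(f["unexplained"]):
            print(f"{uid}: investigate {ent} (not in any held role)")
```

Running the same comparison at every role change, rather than only at periodic audits, is what keeps the accumulated access from building up in the first place.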
Another issue organizations run into with IdM and managing access to information is the security given to data. Many times organizations will have data that anybody in the organization can access, whether they need it or not. According to a Varonis study conducted in 2016, while performing audits on 80 companies, they found 48 million folders, or an average of 20% of all folders, accessible to global groups. Strikingly, the numbers didn’t get better when dealing with sensitive data either.
One final problem area is passwords and the rules governing them. Everyone has heard the stories of passwords being written on a sticky note underneath the keyboard. While that is a problem, and user awareness training goes a long way toward remedying some of those issues, a major problem with passwords is allowing them to never expire. Within working environments such as the government, where Information Assurance is a primary focus, it can be frustrating to change passwords every 60 or 90 days. However, passwords set to never expire are susceptible to brute-force cracking.
IdM can help organizations solve these problems by providing the management capability and oversight required to maintain the Principle of Least Privilege as new employees are brought on board or as they move throughout the organization. Keep in mind, or refer to previous posts on IdM, that even though it might seem financially or technically daunting, there are options available to help organizations implement proper IdM solutions. Simeio offers a full line of solutions