RIP The Data Breach
No, the data breach isn’t actually dead. Yes, they’re still happening, they’re still bad and they’re still a problem. But man, am I tired of hearing about it. Instead of all the doom and gloom, can we instead focus on the positive?
Here’s what I mean. Every organization has the same problem: there’s someone somewhere that wants what they have. Whether it’s personal information, intellectual property, etc., if it has some sort of value, it’s probably already been or going to be under attack. So why are we all focusing only on what we can do to put barriers up and locks on our stuff?
The Problem with “Bandaging”
It’s easy to take a problem and “put a bandage on it.” We’ve all done it. Something arises that needs fixing, but you have to do it quickly and cheaply. Bandaging – AKA hiding what’s wrong and hoping it heals without further interference – can address enough of the problem to not take up immediate cycles. But more often than not, it either reappears eventually or manifests into something much more problematic.
The issue with bandages is that they don’t solve the underlying issues. Let’s say you have users with too much access to, say, Salesforce. The bandage would be to simply revoke excess access as it gets reported or found out. But think of all the risk your company now has – most without your knowledge. What if you never find that excess access and it leaves an open door to your data for years on end? It’s pretty easy to imagine a situation where an important sales deal could fall through or important plans for the future fall into the wrong hands.
Instead of leaving the security of your company to chance, look at solving the underlying problem. Make sets of access that correspond to someone’s role in the company. Then, as users move around and change roles, their permissions can be set to change automatically based on their new responsibilities.
With this new, fancy automation:
• Your IT isn’t changing access on a manual basis,
• Your organization saves time with your users being much more efficient, and
• You also combated the data breach threat by having better policies and correct access for everyone involved. Since you solved the problem by looking at the root of the issue instead of being focused only on outside influences, your entire organization is much better off.
It’s Time for a Re-Focus
As a collective, let’s say enough with the doom and gloom. We know the data breach threat is out there. Something can – and often does – go wrong just in the normal course of doing business. Of course organizations are working on reducing their risk to them as much as possible. But by being distracted by what’s wrong outside, companies are forgetting what could go right within. The empowered business is much more of a combatant against potential threats than a fearful one. Let’s put the data breach to rest as a driving force and instead focus on what we can control.
You can find this article and more in the Identity Insider magazine.