2019 SailPoint Identity Insider Magazine - Magazine - Page 26
MARK MCCLAIN
CEO, SailPoint
RIP The Data Breach
No, the data breach isn’t actually dead.
Yes, they’re still happening, they’re
still bad and they’re still a problem.
But man, am I tired of hearing about
it. Instead of all the doom and gloom,
can we instead focus on the positive?
Here’s what I mean. Every organization has the
same problem: there’s someone somewhere
that wants what they have. Whether it’s personal
information, intellectual property, etc., if it has
some sort of value, it’s probably already been
or going to be under attack. So why are we all
focusing only on what we can do to put barriers up
and locks on our stuff?
The Problem with “Bandaging”
It’s easy to take a problem and “put a bandage on
it.” We’ve all done it. Something arises that needs
fixing, but you have to do it quickly and cheaply.
Bandaging – AKA hiding what’s wrong and hoping
it heals without further interference – can address
enough of the problem to not take up immediate
cycles. But more often than not, it either reappears
eventually or manifests into something much more
problematic.
The issue with bandages is that they don’t solve
the underlying issues. Let’s say you have users with
too much access to, say, Salesforce. The bandage
would be to simply revoke excess access as it gets
reported or found out. But think of all the risk your
company now has – most without your knowledge.
What if you never find that excess access and
it leaves an open door to your data for years on
end? It’s pretty easy to imagine a situation where
an important sales deal could fall through or
26
|
SAILPOINT IDENTIT Y INSIDER
important plans for the future fall into the wrong
hands.
Instead of leaving the security of your company
to chance, look at solving the underlying problem.
Make sets of access that correspond to someone’s
role in the company. Then, as users move around
and change roles, their permissions can be set
to change automatically based on their new
responsibilities.
With this new, fancy automation:
• Your IT isn’t changing access on a manual
basis,
• Your organization saves time with your users
being much more efficient, and
• You also combated the data breach threat by
having better policies and correct access for
everyone involved.
Since you solved the problem by looking at the
root of the issue instead of being focused only
on outside influences, your entire organization is
much better off.
It’s Time for a Re-Focus
As a collective, let’s say enough with the doom
and gloom. We know the data breach threat is out
there. Something can – and often does – go wrong
just in the normal course of doing business. Of
course organizations are working on reducing their
risk to them as much as possible. But by being
distracted by what’s wrong outside, companies
are forgetting what could go right within.
The empowered business is much more of a
combatant against potential threats than a fearful
one. Let’s put the data breach to rest as a driving
force and instead focus on what we can control.