2019 SailPoint Identity Insider Magazine - Magazine - Page 40
DAVE BULLAS
Sr. Technical Specialist,
IdentityIQ File Access
Manager, SailPoint
How to Get Your Data Stolen
in 5 Easy Steps
The business world today is tough. There are so
many things to do that making a priority list is an
endeavor in and of itself, much less completing
the tasks on it. For most companies today, a
top concern is governing control to corporate
resources. So, we’ve put together a handy list of
5 ways you can mark off that to-do item by just
letting your data get stolen. If it’s already stolen,
there’s no need to protect it, right?
much stuff in that particular system? Organizations
today have the same problem with finding
and then categorizing all their sensitive data
(financials, intellectual property, Board of Director
presentations, etc.). By simply ignoring that this
information exists, your organization can instead
focus on other parts of the business, and just
deal with the inevitable data breach whenever it
happens!
Step #1: Open Access to Everything
Step #4: Just Leave Things Where They Lie
One of the most-ticketed items for IT helpdesks,
other than password resets, is users asking for
access to new apps. The easiest way to solve this
problem is just open access to everything. By not
restricting anyone to any particular systems, your
IT team doesn’t have to worry about answering the
question of who has access to what. You know the
answer: everyone, even the receptionist, Karen,
has access to everything at any time.
Step #2: Don’t Be Proactive
You may accept the inevitability of someone
(whether they’re inside or outside your
organization) attempting to steal your data, but
that doesn’t mean you need to do something
about it in advance. Instead of taking up the albeit
relatively minimal amount of time to set up things
like alerts on suspicious behavior or aberrant user
access, the reactive approach will probably fit your
style much better.
Step #3: Ignore Your Sensitive Data
Have you ever had trouble finding the piece of
info you want to find simply because there’s so
40
|
SAILPOINT IDENTIT Y INSIDER
Over time, things change. It’s just how the world
(and business) works. The same is true for your
users and their role within your organization.
Rather than worrying about things like excess
access and people having corporate resources
even after they leave the company, just leave
things where they lie. Now, you haven’t taken up
valuable IT cycles with things like making sure
everyone has only the access they need to do
their current job.
Step #5: Only Govern the Critical Stuff
Eventually, your company may insist on something
being properly governed and secured. If that
happens, just do the bare minimum and only cover
the most critical parts of your organization’s IT
infrastructure. Don’t worry about things out in the
cloud any superfluous systems like email or Active
Directory. Once you’ve had corporate data stolen
the first time, you may want to extend out your
governance to more systems.
By following these 5 easy steps, you too can lead
your organization into getting its data stolen!