The Evolving Insider Threat

Trusted employees have always posed a threat to business. Not long ago the theft of intellectual property meant simply walking out of a factory with a proprietary part or blueprint.

Today, the insider threat is much more insidious, and it’s on the rise. According to the Insider Threat Spotlight Report, 74% of organizations feel vulnerable to insider threats, and 56% of security professionals say insider threats have become more frequent in prior 12 months.

What’s causing this new dynamic? Here are three trends that are driving the increased risk of insider threat.

Increasing IT Complexity

Gone are the days when employees used a single desktop physically connected to the network. Employees’ computing habits have changed, and while these habits typically increase employee productivity and job satisfaction, they also increase IT complexity.

It’s not unusual for a single employee to connect to the corporate network with two or three different devices during the course of the day. Some of these, like a corporate-issued laptop, may be managed by IT, but others, like a personally owned smart phone or tablet, are not. If a device is lost or stolen, so is everything on it, including corporate data. This has increased the complexity of managing not just who accesses the network—but how.

Software-as-a-Service (SaaS) solutions have also changed the way employees consume IT services. SaaS offerings are designed to address a variety of business needs, from file sharing and collaboration to project management and specific functional needs. Oftentimes, SaaS applications are free or low-cost, at least to get started. Departments, or the line of business, can easily test a dozen SaaS solutions, which is faster and more convenient than putting in a requisition with the IT organization.

But this also means that cloud applications can be adopted without IT oversight. If that happens, IT doesn’t have the mechanisms in place to enforce strong credentials, if they even know that the applications exist. When employees abandon one of these applications, corporate data can remain on an unknown server in an unknown data center.

Meanwhile, IT infrastructure continues to grow and evolve, both on premises in the corporate data center and in the cloud. Instead of simplifying the IT environment, technologies such as virtualization and cloud services add layers of complexity.

These technologies also expand access to include capabilities and rights that certain functional positions haven’t had before – and that they don’t need. For example, administrator access to big data implementations often provides access to much more than the specific actions and commands needed to perform their job.

As the IT infrastructure becomes increasingly diverse, heterogeneous, and siloed, identities proliferate, and IT organizations may struggle to maintain centralized oversight.

Blind Spots in Identity Infrastructures

Taking a disparate approach to managing these identities, either in silos or on local servers, not only creates additional overhead, but introduces blind spots where IT lacks visibility into specific accounts. Without visibility, it is difficult to identify and remediate potential security threats—such as determining whether an employee is abusing their access privileges.

Blind spots also impact the organization’s ability to pass regulatory and policy compliance audits. For example, a common identity challenge for many organizations is the lack of visibility into local administrator accounts on Windows machines. This is a common cause of failed audits because there’s no way to tell who has done what. Audit failures also occur because of inconsistent or nonexistent password policies.

A centralized identity management platform can provide the visibility that IT organizations need to oversee identities across the entire organization. This type of platform can also help IT prove that the users who access servers and applications are indeed who they say they are, and provide an auditable trail of each user’s activities.

Freelancers and Contractors

The concept of the trusted insider now extends beyond full- and part-time employees. The need to run lean and mean has many organizations hiring freelancers, contractors, and service providers to help with everyday tasks. Departments also outsource work in order to access specialized skillsets. A small startup, for example, might outsource its blog to a content marketing firm, or a development organization might hire a cloud application development firm to migrate its apps to the cloud.

In all of these scenarios, third parties have access to valuable systems and data. Those identities must be managed to prevent privilege escalation, and to ensure that credentials are revoked if an employee at the third party company leaves. The employees at the third party itself pose a risk, but there is also the risk that a contractor’s user credentials will be compromised and used to gain unauthorized access.

The Bottom Line

The insider threat isn’t going away – in fact, it continues to grow and evolve. With an increasing number of applications and systems, and users accessing those systems, IT organizations need to implement a simple and standard approach to managing identity-related risks associated with insiders of all types.

A unified identity management platform can help IT better manage the insider threat today and securely support next-generation IT and business initiatives. Furthermore, IT can continue to leverage its existing identity infrastructure to protect current investments and lower total cost of ownership while reducing management overhead.

To learn more about how to fully secure your identities, download the Centrify white paper, “Platform Approach to Securing Enterprise Identities.”