Get Insight from Forrester Research Analyst, Andras Cser

The budget for Identity & Access Management (IAM) often is justified by operational efficiency. Yet, breaches using stolen insider credentials are on the rise. For security and risk (S&R) professionals, IAM has become crucial to improving the company’s overall security posture.

Andras Cser, a Forrester Research Principal Analyst, has recently published research on how organizations around the world are:

• Defining the security benefits of IAM
• Reframing the business case for IAM in security terms
• Making a direct connection to the CIO’s top technology initiatives

NetIQ/ invites you to attend dinner at Moishes to learn from his research and how to make this case yourself using industry best practices.

Join your peers to network and further understand how they are leveraging Identity & Access Management to improve their security posture.

Seating is limited. Register now to reserve your spot.

Once or twice a year, the rugs would be taken out, hung on a line and beaten with a stick. Although some rug cleaning “experts” of the day did not recommend this practice – “it tends to loosen the fibers of the rug” – our great-grandparents knew that it was essential in order to maintain a healthy home environment.

No one could see those microbes hidden in the fabrics of the rugs, but evidently, they were enough of a nuisance that in May 1930, the French authorities decided that there should be no more rug-beating after 10:00AM, since it left too many microbes in the courtyards!

“And this has what to do with security?” you ask.

Well, our experience shows us that there are “microbes” living in your corporate network directory!

They go by various names:

• Expertus Ratio: the “Test Account”, often used by your own IT staff to test new services or deploy software, these accounts are often left behind once the tests are completed.
• Novus Ratio: the “Unused Accounts”, these are normally left behind by employees that are no longer with the organization.
• Terrenus Ratio: the “Temporary Accounts” that are often created for external consultants, temporary employees, interns, etc.
• Muneris Ratio: the “Service Accounts” created by applications and services installed in your network.

It doesn’t matter which directory is in use – Active Directory, eDirectory, or any other – most administrators we talk to admit that some of these “microbes” exist in their corporate directories. These microbes can be very hazardous to the health and security of your network; they’re often what hackers use to gain unauthorized access to your digital assets.

When I ask network admins about these microbes, I almost always get the same type of response; it goes something like “Yeah, we do have some of those, and I’ve been meaning to take the time to go through them.” But most don’t. Until something happens, at which point the guilt-ridden “I-Should-Have-Taken-Care-of-This!” monster comes around and pokes fun at them.

So before you even start considering identity and access management solutions, or any other security devices or systems, take action:

Stop Should-ing, take your directory out, beat it with a stick and get those microbes out!!

When talking about IT, “security” means different things to different people:

• Anti-virus
• Firewalls
• Intrusion Detection
• Event Logging
• Data-loss prevention
• etc

This year, though, CIOs are saying that Identity Management is the top priority. Combined with a recent report that shows that deploying Identity and Access Management solutions has a very short ROI, that bodes well for firms like Adaris that have great solutions to offer customers!

See the article here.

Well, now IDC has confirmed that investing in an Identity and Access Management (IAM) solution does indeed generate huge returns. Like, how about a 6.3 month ROI??

Read the report here!

And, of course, everyone was obsessed with…firewalls. This device was now becoming the most important piece of equipment on the network. After all, we had to protect our networks from the evil Hackers!

The first speaker at the conference was a highly respected technology expert; there were probably close to 1000 people in the room (yeah, before we all had broadband, people actually went OUT of their offices to network and learn stuff!). This man strutted out onto the stage, and in the most confident manner possible, proclaimed that “The firewall is dead!”

1000 people suddenly had a very stunned look on their faces, myself included. What could he possibly mean? This statement was absolutely the opposite of what everyone thought!

He went on to make his point.

“Firewalls are all fine and dandy,” he said, “but realize that you’ve got to punch holes through them to allow your users to gain access to the services you want to provide them with. Keeping hackers out is one thing, but you don’t also want to prevent your own employees from getting to what they need. Eventually, your firewall will start looking like a fine piece of Swiss cheese!”

He explained that a “boma” was a fortress-like structure used in Africa. It was meant to keep unwanted animals out and the people inside safe.

The “boma”, he went on, was the directory, the repository of your organization’s identities.

He was right. And 15 years later, that statement still holds true.

Managing the identities in your organization is critical to ensuring the security of your digital assets. Who has access to what? How many different identities in how many different systems do you need to manage for each employee? When an employee leaves or is terminated, how quickly and accurately can you deactivate all of his accounts across your systems?

Make no mistake: the Hackers are still out there, and the tools they use today make it even easier to break into your systems. And they are breaking into systems – several security experts I’ve spoken to recently are telling me that intrusion activity is at a higher level than normal these days.

CALL TO ACTION: if you don’t want to have to explain to your management executives why someone was able to login to your systems and gain access, you need to start seriously thinking about an identity and access management solution. Having at least a discussion about it won’t hurt – give us a call.