According to a recent PwC whitepaper, the biggest security threats originate within the walls of an organisation itself. As a result, it is now more important than ever for enterprises to control access to systems.
Indeed, the research also traces almost a third of all reported incidents back to current employees. In effect, it is absolutely vital that the right people have the right access, at the right time to ensure robust security.
A conventional approach to security threats
As the report notes, organisations have struggled to find a process that aids businesses to determine what constitutes appropriate access. Typically, organisations grant access on the principle of “least privilege”, with periodic “snapshot in time” access certification campaigns.
However, the current approach often hinders the certifier from becoming fully informed and productive. Access can lack a business friendly description and a lack of intelligence regarding certification decisions, which makes it difficult for companies to meaningfully certify access.
Moreover, many enterprises simply lack the time or resources to complete a comprehensive access review. In turn, bulk managers become overwhelmed by too many requests and instead resort to “bulk approving.”
Business environments are now also more demanding and fluid. Despite this, the adoption of emerging technologies and an increasingly agile workforce both add additional volume to the existing access certification challenge.
Implementing a two-tired approach
Advances in analytics has catalysed a new and valuable approach to access certification within reach. As PwC notes, enterprises can utilise access analytics to “better inform the process, focus more closely on risk and change, and to transform certification from a periodic exercise to a dynamic, continuous review.”
Access governance tools, such as PwC’s AccessAble, already greatly enhance the access certification process. Specifically, these tools leverage access analytics, reduce certification clicks, and improve overall outcomes.
Moreover, integrating access analytics into these tools provides organisations with more dynamic, risk based options for certifying access. In turn, this increases efficiencies, productivity, and generates valuable information.
As a result, this ensures that access certification becomes much easier, more robust, less risky, and better informed. Finally, enterprises can also see and measure the success of their access policies.
How does the UK perceive cybersecurity? Listen to our podcast with Dr Jessica Barker, a global leader in the human nature of cybersecurity, to find out