As businesses increase their digital estate, insider theft poses an increasingly large risk. Whether it’s through malicious parties gaining access to crucial systems and data or employees stealing information to which they should never have had access, firms should be considering these scenarios carefully.
This has been exacerbated by the economic climate, with layoffs and a greater reliance on third-party individuals leading to a lack of oversight and cohesion when it comes to access management. Stolen credentials or over-provisioned contractors can be the first crack in the armor for any business.
In this episode, Rory speaks to Fran Rosch, CEO of digital identity specialist ForgeRock, about the pressing need for better scrutiny of third parties and how companies can control systems access through identity governance.
Highlights
“By leveraging technology, you can really limit your exposure, because you really understand who has access to what and you’re limiting the privilege to information unless it’s absolutely needed for people to do their jobs.”
“When we think of this accidental user-driven compromise, a lot of it comes down to good old-fashioned phishing, or spear phishing… where users get an email, they think it’s from their colleague or they think it’s from IT.”
“What we believe, ultimately, is that through open standards and policies there have to be several different… credential issuers or identity providers (IDPs). And as long as they follow open standards, then companies can go ahead and rely on them.”
Read the full transcript here.
Subscribe
See the original article here: ITPro