Author: Tom Clare, Managing Editor
VP Marketing, Gurucul
In chapter three of “Borderless Behavior Analytics – Who’s Inside? What’re They Doing?” (entitled Insider Threats, Account Compromise and Data Exfiltration), our esteemed security expert Joe Sullivan (CSO, Uber) observes that the identity management systems servicing the old networked environments are role-based and blunt. They don’t allow for today’s flexible workforce, where employees frequently shift roles and responsibilities. To address this challenge, he recommends a three-part security program. One part is to secure the applications. The second is to lock down identity. The third involves monitoring how the authorized identities are using the applications through behavior analytics.
This three-sided security program focuses on strong identity and strong application security along with an identity-based and risk-based solution that monitors who’s using what. Most modern attacks involve some kind of privilege escalation. When attackers gain entry to an enterprise, they do so by compromising the identity of an employee and then using that employee’s permissions to gain access. This is what so many modern attacks involve: a bad guy using a good person’s identity, rather than a good person turning into a bad person. Yet in both cases they’re doing basically the exact same things. This three-prong approach to security, driven by advanced security analytics, therefore has a double benefit. It holds even when an outsider threat ends up being detected first as an insider threat, where someone is on the inside only because valid credentials were stolen and misused by an outsider.
The other reality of today’s applications is that much more sensitive data is in them. It’s being stored in many more places, and accessed by many more employees, for an increasing number of legitimate reasons. Where one technology expert might say, “Every company is becoming a software company,” it now appears the statement “Every company is becoming a data company” represents the next generation’s reality. Every company now has sensitive data, which may include sensitive intellectual property. Companies may also be storing more of their customer data while recognizing that half of their employee population may need access to some of this data.
As every company becomes a data company, trying to get insights about its customers, using artificial intelligence to perform customer support, and applying big data machine learning to figure out which customer should get what, there must be different expectations around data storage and security. Traditional identity management systems don’t scale in these new environments. In fact, in many cases they suffer from a severe discovery gap in privileged access risks at the entitlement level and within applications. This represents a serious and growing access risk plane. To manage the vast scope of analysis required, a new approach should be adopted, one that integrates identity management with identity analytics from machine learning models analyzing both access and activity data. With these capabilities incorporated alongside user and entity behavior analytics, this three-prong security approach is optimized in effectiveness.
That’s how Uber’s CSO Joe Sullivan sees it. To learn more about his views on cyber security, check out his chapter in Borderless Behavior Analytics – Who’s Inside? What’re They Doing? It’s one of seven chapters where expert CIO and CISO contributors share their qualified observations about security from a wide range of industry vertical perspectives.