Physical Identity and Access Management Critical for Stopping Insider Cybersecurity Threats

Being able to track an employee’s shift in behavior in your office can send alerts before it’s too late.

Cybersecurity has become top of mind for nearly everyone, thanks in large part to recent highly publicized data breaches.

Securing networks and digital assets has become a critical component of nearly every business strategy with technologies emerging that apply intelligence to organizations’ infrastructure to detect vulnerabilities and improve network security.

These technologies are an excellent start, but many fail to address the relationship between physical security and the digital realm in protecting digital assets. Not all data breaches are committed by hackers working from remote locations; many are actually perpetrated by individuals within an organization who are authorized to access sensitive parts of networks or facilities.

Insider breaches can take many forms; for example, a systems administrator who has been terminated on Friday may still be able to use credentials to enter the building on Saturday and delete files on the company’s server. This is just one of a vast number of potential insider threats which make it difficult for organizations to reduce their risk.

Security Intelligence
The challenge is compounded when enterprises erroneously view breaches as isolated incidents when they are really the culmination of patterns of activity across multiple systems. Expanding the data sources used for threat detection to all networked systems provides a wider perspective and is one key to combating insider threat.


More: 6 Steps to Prevent Hackers From Attacking Your Systems’ Biggest Vulnerability


For example, an employee who has worked from 9 a.m. to 5 p.m. in a specific location for the duration of his or her employment may suddenly begin accessing the building at odd hours, attempting to enter areas where they are not authorized to be, or downloading more documents or other information than usual. If various identity records are stored in siloed systems with no cross-correlation, there is no way to view a complete picture of this new behavior, leaving organizations blind to their potential exposure to an insider threat.

Insider breaches can take many forms; for example, a systems administrator who has been terminated on Friday may still be able to use credentials to enter the building on Saturday and delete files on the company’s server.

But correlating data from physical and logical access control systems with identity management, IT logging, HR and other systems does allow unusual patterns to be flagged to alert appropriate parties. Physical Identity and Access Management (PIAM) solutions automatically cross-reference behaviors between systems to provide valuable context to help determine if deviations are the result of something as innocuous as a change in working hours or may indicate malicious behavior.

Collecting data from multiple sources allows organizations to develop intelligence. However, as the number of networked systems continues to grow, the virtual mountains of data make it impossible for even an entire department to sort through it manually to identify threats that could enable proactive measures.

New predictive analysis technology is changing this situation, automatically providing a full picture of exposure to risk by identifying correlations between sources.

The Role of PIAM
The first step in gleaning security intelligence is to establish a baseline with data and metrics to provide a foundation for identifying anomalies. Once a PIAM solution with predictive analysis capability is deployed, an employee exhibiting new patterns of access will rise to the top of an audit list. Organizational policies can be put into place to automatically dispatch a security officer on (for example) the third instance of anomalous behavior. Armed with relevant background data, this officer could potentially observe an incident in progress, such as an employee entering another person’s office to access information on their hard drive.

The focus of security is undergoing a significant shift from pure risk management to providing value to an organization, and security professionals are increasingly becoming key players in overall business strategies. The negative consequences of limiting cybersecurity focus to outside hackers are that it is possible to miss the potential for data breaches occurring from within, which is why it is essential to consider the broader function of identity management and physical security.

Without fully understanding the role of physical security and identity management within an organization, even the most robust, wide-ranging cybersecurity program cannot be as effective as possible. PIAM solutions with predictive analysis bridge the gap between cyber and physical. They allow organizations to gather data from IT, physical security, identity management and other systems, and cross-correlate to generate intelligence and detect anomalies that may indicate insider threats, enabling security and management to prevent incidents. The most effective way to identify and potentially thwart the wide variety of potentially damaging data breaches from both inside and outside of an organization is for physical and logical security to work in tandem.

*****

Bio: Don Campbell is director of product management for Quantum Secure.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters