* Umberto Rosti
Does your company know what each employee is accessing and what information they have access to?
Everything is on the net, and this is the reality of small, medium and large companies these days. Information security, data leakage prevention, and access and identity management add more value to your business.
The difficulty of managing numerous systems, controlling their access versus employee role, and even knowing where your sensitive data is going in this cloud-based, virtualized, and mobile new world can result in financial loss, due to the risk of unauthorized or inappropriate access and loss of productivity.
During the recent wave of hacking attacks in Brazil and around the world, and seeing all this exposure in the media, we noticed a certain buzz in the business sector, where several CSOs and CIOs are being asked about the security of their systems.
These professionals need to have answers to these questions at their fingertips, to avoid the negative exposure the company or brand would suffer from a weakness in controlling its sensitive information.
1. Access and Identity Management:
The first step is to implement a management process that controls all access to the corporation's information and data. For this, you must also identify each employee and their roles. Ten years ago, few companies were able to deploy tools to control their employees' identity and access to their systems, and these processes could take up to two years to complete. Today, with the popularization of tools, pricing has become more affordable and the process can be completed in up to two months. The need for this service increases the maturity of companies regarding this kind of security.
2. Knowing the company:
Every employee should be aware of company policy, i.e., what they can and cannot do. User awareness and education are critical to access management and control. What happens today is a heavy investment in systems to prevent external risks, which obscures the importance of avoiding internal risks, as many employees have access to key company information and may be responsible for fraud. This awareness should also cover information portability and mobility. Employees need to be aware of what they can post regarding corporate information, especially in social media environments and on personal pages.
3. Access Profiles:
Complexity increases as the number of identities grows due to mergers of large corporations and restructurings. Managing who has access, and for how long, has become a growing problem in companies. Today, research shows that 60% to 80% of attacks and scams come mostly from internal users, former employees, etc., who know the company well and have a greater motivation for crime. Therefore, at the time of hiring, the company's HR must have the position and functions of the new employee defined in its system. Which profile will entitle the employee to a particular system? Above all, the company must follow the trajectory of this user.
4. Information Leakage Prevention:
Data loss prevention (DLP) is a very simple and extremely important tool in the corporate environment. The solution, which controls where the information is, helps to prevent system users from gaining unauthorized control of data. For example, a company's board of directors does not allow its employees to have access to official document numbers, such as CPF and RG, contained in its system. So, with this tool, every time a user tries to "copy" this data, the tool warns the manager or blocks the copy of the file to different media, such as CD, flash drive and network.
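A content-inspection rule of the kind described above, as an added example that is not part of the original article: it finds CPF numbers by pattern, confirms them with the CPF check-digit algorithm to cut false positives, and then returns a warn-or-block decision. The destination names and the block/alert policy are assumptions, the sample text is constructed, and RG numbers are not covered because their format varies by issuing state.

```python
import re

# Formatted (123.456.789-09) or bare 11-digit candidates, not inside longer digit runs.
CPF_CANDIDATE = re.compile(r"(?<!\d)\d{3}\.?\d{3}\.?\d{3}-?\d{2}(?!\d)")

# Assumed policy: block copies to removable media, alert the manager elsewhere.
BLOCKED_DESTINATIONS = {"cd", "usb"}

# Constructed sample: one checksum-valid test number and two look-alikes.
SAMPLE = "Customer 123.456.789-09 order 111.111.111-11 ref 12345678900"


def _check_digit(digits):
    # Weights count down from len(digits) + 1 to 2 (10..2, then 11..2).
    total = sum(d * w for d, w in zip(digits, range(len(digits) + 1, 1, -1)))
    remainder = (total * 10) % 11
    return 0 if remainder == 10 else remainder


def is_valid_cpf(candidate):
    digits = [int(c) for c in candidate if c.isdigit()]
    # Repeated-digit strings pass the arithmetic but are rejected by convention.
    if len(digits) != 11 or len(set(digits)) == 1:
        return False
    return (_check_digit(digits[:9]) == digits[9]
            and _check_digit(digits[:10]) == digits[10])


def scan_for_cpf(text):
    """Return (offset, masked value) for every checksum-valid CPF in text."""
    findings = []
    for match in CPF_CANDIDATE.finditer(text):
        if is_valid_cpf(match.group()):
            findings.append((match.start(), "***.***.***-" + match.group()[-2:]))
    return findings


def copy_decision(text, destination):
    """Decide what the DLP agent does with a copy request."""
    if not scan_for_cpf(text):
        return "allow"
    return "block" if destination in BLOCKED_DESTINATIONS else "alert"


if __name__ == "__main__":
    print(scan_for_cpf(SAMPLE))
    for dest in ("usb", "network_share"):
        print(dest, copy_decision(SAMPLE, dest))
```

Findings carry only a masked value, so the alert sent to the manager does not itself become a second copy of the protected number.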
5. Segregation of duties:
The responsibility of each employee within the corporation must be determined, which increases the company's autonomy and profitability. With the functions defined, the company is able to control the profile of each user, being able to see, for example, when an employee is authorized to start a purchasing process, but is not allowed to complete it. Or when the employee can make the payment but is not responsible for approving the order.
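The two cases above (initiating versus completing a purchase, paying versus approving an order) expressed as segregation-of-duties rules and checked against role assignments; this is an added example, not part of the original article. Role names, entitlement names and the user assignments are hypothetical and constructed for illustration.

```python
# Constructed role catalogue: role -> entitlements (all names hypothetical).
ROLES = {
    "requester": {"purchase.initiate"},
    "buyer": {"purchase.complete"},
    "approver": {"order.approve"},
    "treasury": {"payment.execute"},
}

# Entitlement pairs that one person must never hold together,
# taken from the two cases in the text.
SOD_RULES = [
    frozenset({"purchase.initiate", "purchase.complete"}),
    frozenset({"payment.execute", "order.approve"}),
]

# Constructed assignments; bruno and carla accumulated a second role over time.
ASSIGNMENTS = {
    "alice": ["requester"],
    "bruno": ["requester", "buyer"],
    "carla": ["approver", "treasury"],
    "diego": ["requester", "treasury"],
}


def effective_entitlements(role_names):
    """Union of entitlements across every role a user holds."""
    entitlements = set()
    for role in role_names:
        entitlements |= ROLES[role]
    return entitlements


def violations(role_names):
    """Return each SoD rule fully contained in the user's entitlements."""
    held = effective_entitlements(role_names)
    return [tuple(sorted(rule)) for rule in SOD_RULES if rule <= held]


def audit(assignments):
    """Detective control: report users whose combined roles break a rule."""
    report = {}
    for user, roles in assignments.items():
        found = violations(roles)
        if found:
            report[user] = found
    return report


def can_grant(current_roles, new_role):
    """Preventive control: refuse a role that would create a conflict."""
    return not violations(list(current_roles) + [new_role])


if __name__ == "__main__":
    print(audit(ASSIGNMENTS))
    print(can_grant(["requester"], "buyer"))
```

Conflicts are evaluated on the union of a user's roles because no single role in the catalogue is conflicting on its own; the violation only appears once roles accumulate.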
6. Facilities within access management:
Some services make it easier and simpler to use these tools. Self-service, which enables users to "recover" their password immediately, reduces call time by avoiding the need to call a help desk. Another technology that can make it easier to do business and improve the user experience is single sign-on (SSO). With a single password, the user is able to access all the systems they are entitled to. It also makes things easier for the company when an employee leaves, and even for blocking access during temporary absences such as holidays and health problems. By promoting simplified password management, organizations can benefit from increased productivity and reduced costs.
Until recently, information security was seen as a necessary expense in order to avoid damage. However, companies today are addressing the issue as a strategic necessity that will help them achieve their goals and success. Topics such as those described throughout this article are important to achieving the security objective and enabling the business to reach its goal with the lowest possible risk, but they should not be applied indiscriminately across the organization. Guidelines are sensitive competitive information and differentiators that ensure resilience and greater profits for the organization.
* Umberto Rosti is CEO of Safeway
[SAFEWAY] is a company widely recognized as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those based on platforms:
● Archer by RSA Security, considered by the Gartner and Forrester institutes, and by the market itself, to be the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;