Feb 15 / 2017
IAM: Weak Passwords, Orphan Accounts and Inappropriate Access, Oh My!
email@example.com (Christian Duvall, Group Vice President, Enterprise Services)
I just finished listening to a nice interview with Darran Rolls, who is the Chief Technology and Chief Information Security Officer at SailPoint, a leader in identity governance that’s listed as a Visionary in Gartner’s Magic Quadrant. It was the first time I’ve seen him speak, and I was really pleased to hear him espousing very similar principles to what we do here at Workstate. It’s a three-segment interview, which covers some Identity and Access Management best practices and common pitfalls.
<span id="selection-marker-1" class="redactor-selection-marker"></span>
Some key highlights:
- Some of the most basic IAM mistakes are weak passwords, orphan accounts, and inappropriate access. Darran mentions that “orphan accounts” – accounts that retain access, but aren’t being used – are the first way that “bad guys” try to abuse.
- The biggest risk for inappropriate access is around what Human Resources refer to as “Joiner/Mover/Leavers.” Edward Snowden has been a great example of an inside threat, facilitated through the mover portion of the process.
- Darran also dives into the the Five A’s of Security (although he only mentions 4), which are:
You can learn more about the first two As in our blog post – Enterprise Identity and Access Management: Authentication vs Authorization – where we explore the topic in terms of some common, everyday activities. We also touch on concepts like Audit and Analysis, and ways that you can keep your organization safer in the blog, The Principle of Least Privilege.
The final A – Administration – is the glue that holds everything together; the configuration, automation and integration of your IAM processes, practices and policies.
Of course, if you listen to the interview and still want to know more about Identity and Access Management, download our complimentary primer on terminology and concepts or reach out to learn more about our Identity and Access Management services.