IAM: The human problem
If you’ve so much as watched a period of playoff hockey, or for that matter, any television since the London Olympic Games, you’re undoubtedly familiar with Liberty Mutual’s “Humans” commercial. Unlike Allstate’s “Mayhem” spots, which would have you believe fender benders, collapsed roofs and keyed car doors are the consequence of mischievous raccoons and distracted teenage drivers upset because Becky kissed Johnny, Liberty Mutual takes the slightly less coddling approach to insurance sales pitches by putting the onus on your own human fallibility. And they may just have a point.
This month, Trend Micro’s Global VP of Security, Rik Ferguson, speaking on IT security at the European Tech Summit, said, “Attack the individual not the system itself because in many cases the system is very well protected. Individuals are simply too credulous and too willing to help.” In other words, Ferguson was asserting that the problem isn’t so much with the sophistication of an IT security platform but with those darn, mistake-prone human beings.
He went on to recommend to the summit a platform that monitors the access of its users.
It makes sense. Allow employees improper access to personal files, forget to monitor your joiners, movers and leavers, or pass on clearly defining roles, and a security weak point, or two, is bound to pop up.
Sometimes it’s from ne’er-do-wells who use their position for financial benefit, as did one employee of Abtram who pilfered the credit card details of an unknown number of customers. But most times it’s not malicious. Chances are pretty good there’s no disgruntled employee hell-bent on sabotaging your company’s financial viability. It’s just, well, they’re human. Mistakes happen.
But unlike your elementary school teacher who reassured you “that’s why pencils have erasers,” the consequences of mistakes are a little more dire than smudge marks surrounding your misspelling of “receipt” (ya, it tripped me up too).
Take it from Ferguson, “The only sensible approach now…is to operate on the assumption that you have already been breached.” With everything from South Korean television stations to Burger King Twitter accounts under attack by malicious cyber terrorists, he’s right. And the consequences can range from an embarrassing gaffe to financially crippling penalties.
So, right now it makes sense to consider an Identity and Access Management platform that clearly defines the roles, access and entitlements of all users, making sure that little human mistakes won’t add up to much bigger compliance violations.
After all, as Liberty Mutual says, “we’re imperfect creatures, living in an imperfect world.”