Defend Against Insider Threats With User Access Management
Every Federal IT pro knows that security threats are a top agency priority. Yet, according to the SolarWinds 2019 Cybersecurity Survey, those threats are increasing—particularly the threat of accidental data exposure from people inside the agency.
According to the Survey, 56 percent of respondents said the greatest source of security threats to federal agencies is careless and/or untrained agency insiders; 36 percent cited malicious insiders as the greatest source of security threats. Nearly half of the respondents—42 percent—say the problem has gotten worse or has remained a constant battle.
Given these statistics, is there an effective solution to help protect federal data against insiders?
The answer is: yes.
According to the survey, Federal IT pros that have successfully decreased their agency’s risk from insider threats have done so through improved strategy and processes to apply security best practices.
While 47 percent of respondents cited end-user security awareness training as the primary reason insider threats have improved or remained in control, nearly the same amount—45 percent—cited network access control as the primary reason for improvement, and 42 percent cited intrusion detection and prevention tools.
The lesson here is that good cyber hygiene in the form of access management can go a long way toward enhancing an agency’s security posture. That said, there are aspects of access management that will provide more protection than others and are worth considering. Let’s take a closer look.
Visibility, Collaboration, and Compliance
As the old adage goes, you don’t know what you don’t know. This is why visibility should be one of the most important aspects of any access management solution.
Every federal IT security pro should be able to view permissions on file servers to help identify unauthorized access or unauthorized changes to more effectively prevent data leaks. Federal IT pros should also be able to monitor, analyze, and audit Active Directory and Group Policy to see what changes have been made, by whom, and when those changes occurred.
One more thing: be sure the Federal IT team has the ability to analyze user access to services and file servers with visibility into privileged accounts and group memberships from Active Directory and file servers.
Collaboration tools—including SharePoint and MS Exchange—can be a unique source of frustration when it comes to security and, in particular, insider threats. One of the most efficient ways to analyze and administer SharePoint access rights is to view SharePoint permissions in a tree structure, easily allowing the user to see who has authorized access to any given SharePoint resource at any given time.
To analyze and administer Exchange access rights, start by setting up new user accounts with standardized role-specific templates that provide access to file servers and Exchange. Continue managing Exchange access by tracking changes to mailboxes, mailbox folders, calendars, and public folders.
Finally, Federal IT pros know that while managing insider threats is of critical importance, so is meeting federal compliance requirements. Choose a solution that provides the ability to create and generate management and auditor-ready compliance reports showing user access rights, as well as the ability to log activities in Active Directory and file servers by user.
All is not doom and gloom for agencies trying to get insider threats under control. Yes, many feel as though the problem is getting worse. However, there are options out there that can dramatically help the Federal IT security pro get a far better handle on insider threats and go a long way toward mitigating risks and keeping agency data safe.
*Article written by: Jim Hansen, VP of Products, Security and Application Management, SolarWinds