Another insider data breach story that dovetails our blog post from yesterday. It’s amazing to see that organizations (including government entities) have very little in the way of access governance controls in place.
NetworkWorld article on Canada Revenue Agency Data Breach
Our friend Dave Kearns from Network World summed it up well in his article covering this news. “This incident could be the poster child for why you need governance, oversight and access control policies — and enforcement. In this day an age it’s not hard to implement, and in many places it’s required by government fiat. Of course, most government’s always exempt themselves from the fiats they enact.”
“Best to review your governance, oversight and access control policies now — before your organization features prominently (and ashamedly) in a newspaper headline!”
We encourage organizations not to wait until a control failure or regulatory audit finding happens in order to realized the importance of having proper governance over user access to critical information resources. Put an initiative in place now and avoid this known and pervasive risk. If you need assistance on building a business case for implementing an access governance solution, Aveksa has built a model that you can use and we’d be happy to step you through it.
