Access Rights Remediation Control Failure Leads To Data Loss
Posted on Tue, Jul 13, 2010 @ 11:56 AM
Spotted this news article regarding an IT administrator that just got a year jail sentence for stealing and damaging data from his former employer.
http://www.darkreading.com/database_security/security/management/showArticle.jhtml?articleID=225800012&cid=nl_DR_DAILY_2010-07-13_h
This doesn't make a lot of sense to us. If all the credentials were revoked then how did he get in? Was there a backdoor that this IT administrator created on a network firewall or database server? On the other hand, could it have been an access governance control failure due to a lack of process automation for an access revocation request and no closed-loop change validation to ensure all that accounts and entitlement privileges were in fact removed?
Termination of access rights can be a challenge for most organizations when they lack the visibility into a user's access across all information resources and an access change control framework that can respond to events that regularly occur in the enterprise - such as when users join, transfer or are terminated from an organization Aveksa has seen 40% error rate in the timely fulfillment of revocation requests. Why? Too many organizations rely on their IT help desk systems to initiate and track access revocation requests. However, these systems lack the policy controls and request validation capabilities to provide an organization with the business assurance that the access was revoked and the risk of unauthorized access to networks, applications, data and cloud-based information has been mitigated. It's even more important to have an access change control framework in place when it involves a privileged user because the risk of a data loss occurring increases exponentially!