Andrew Jaquith, an analyst at Forrester, in his book Security Metrics: Replacing Fear, Uncertainty and Doubt, describes the value of metrics in general and in doing so identifies one of the key challenges in ensuring system security:
Today's information security battleground is all about entitlements -- who's got them, whether they were granted properly, and how to enforce them.
The degree of scale and complexity makes entitlement management a big problem, as shown in Figure 2 from a field study by a team of researchers at Dartmouth:

According to an analyst at Forrester, today's information security battleground is about entitlements. And a team from Dartmouth calls entitlement management a large-scale problem and a fast-moving target. It's no surprise, then, that excessive entitlements -- also called excessive access rights -- are the top IT audit finding.
Cloud Compliance is developing an Identity and Access Control (IdAA) solution to manage entitlements (also called privileges, or access rights). We identify users with excess entitlements, and provide tools for isolating high levels of over-entitlement by group, by business unit or by application. Such tools enable root cause identification, and provide the necessary insight for remediation and process improvement. Furthermore, due to our global visibility as a cloud-based SaaS solution, we capture industry-wide statistics that our customers can access for setting their own policy benchmarks. Finally, in contrast to role-based access control systems, the Cloud Compliance SaaS solution requires no software to install, maintain and operate, no appliances to deploy, no consultants, advisors or professional services to engage, and no huge upfront capital expense to incur.