How to Ensure Compliant User Access with Role-Based Access Governance

 
 
By Brian Cleary  |  Posted 2009-08-27
 
 
 
 
 
 
 

An increasing number of organizations are reporting that their employees, either out of personal curiosity or other potentially more devious motivations, are peeping at the account records of public figures. As a result, suspensions and firings are being announced on an almost weekly basis. Here, Knowledge Center contributor Brian Cleary discusses how these institutions can reduce the likelihood of these access-related peeping breaches by putting automated, role-based access controls in place across their entire organization.

Employees across all industries are quickly finding out that peeking at records that contain information about their favorite celebrity will now cost them their job. The natural curiosity of employees to view the private records of politicians and well-known figures is increasingly leading to firings and criminal convictions.

Most of these workplace incidents are not tied to bad intentions or identity theft; they are simply employees taking advantage of access policy gaps at the companies for which they work (without realizing that they are breaking privacy laws and exposing their organizations to risk).

An example of this trend occurred when it was revealed on Nov. 22, 2008, that Verizon had fired several employees who had looked at the cell phone records of President-elect Barack Obama. Politicians and celebrities are just like everyone else, and they use cell phones, apply for passports and seek healthcare at major hospitals.

Employees at these organizations need to realize that, unless there is a job-related reason for them to access these records, even sneaking a peek for curiosity's sake is a very bad idea. However, the real problem here is not the natural nosiness of employees, but rather the poor controls for how user access is governed at these organizations.

President Obama has been a prime target of these types of attacks, with three different unauthorized data breaches of his private records in the last year alone. This type of incident is fast becoming a daily trend at companies that store sensitive personal records of politicians and celebrities.

While organizations are quick to point out that they have specific policies related to accessing sensitive information, too often these policies are confined to a three-ring binder on a bookshelf in the IT security or compliance office. It is wishful thinking to believe that employees will heed these policies through training alone and make them part of their daily operating practice and procedure.



 
 
 
 
Brian Cleary is Vice President of Products and Marketing at Aveksa. Brian is responsible for all of Aveksa's marketing activities including product marketing and management, marketing strategy and development. Brian brings more than 15 years of success in directing technology marketing initiatives for both emerging technology companies and top-tier enterprise software vendors to his position. Most recently, Brian served as vice president of marketing for OpenPages. He also served as senior vice president of marketing at Computer Associates (CA). Prior to CA, Brian directed the corporate marketing efforts at Netegrity (acquired by CA in 2004). Brian was also a member of the senior management team at both Allaire Corporation and Macromedia. Brian is an author and frequent speaker at industry events on the topic of governance, risk and compliance management. He can be reached at bcleary@aveksa.com.
 
 
 
 
 
 
 
