Preventing Access-Related Snooping Breaches

By Brian Cleary  |  Posted 2009-08-27

Preventing access-related snooping breaches

What can an organization do to prevent this type of incident? There needs to be more focus on ensuring that the entitlements that employees have to information resources are required for their particular job function. It is not unusual, for example, for employees to accumulate unnecessary access privileges as they are promoted, transferred or temporarily assigned to another department within the organization.

Users who drag excess entitlements into their new role may create toxic combinations of access that often result in Segregation of Duties (SoD) violations or create other business risks. These are surprisingly common problems in large organizations, and they are natural consequences of the usual pressure on IT departments to provide access quickly when employees are transferred or promoted into positions that require new sets of entitlements.

Organizations that leverage role-based access governance are able to put automated controls in place for access delivery and access change management. This ensures that users' privileges are appropriate to their particular job function or process role.

As a result, access to personally identifiable information is effectively governed based on a valid business reason for access, which mitigates business and compliance risk. Specifically, role-based access governance should address the following three things:

Controls automation

Organizations need to implement automated controls for access delivery and change management that ensure policies are applied consistently and access-related risk is avoided. A process based on event-driven controls needs to be put in place to address any change (join, move or leave) in a user's relationship with the organization. Organizations that leverage enterprise business roles will not only strengthen their policy framework through a set of preventative controls, but will also be able to speed up access delivery and ensure better accuracy.
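The event-driven join/move/leave control described above, sketched as an added example (not from the article or any vendor product). The role names, entitlement names and the SoD rule are constructed for illustration.

```python
# Constructed sample data: roles, entitlements and the SoD rule are hypothetical.
ROLE_ENTITLEMENTS = {
    "ap_clerk": {"erp:invoice_create", "erp:vendor_view"},
    "ap_approver": {"erp:invoice_approve", "erp:vendor_view"},
    "claims_nurse": {"ehr:patient_record_read", "claims:case_update"},
}
# Toxic combinations: entitlements no single user may hold together.
SOD_RULES = [frozenset({"erp:invoice_create", "erp:invoice_approve"})]


def sod_violations(entitlements):
    """Return every SoD rule fully contained in a set of entitlements."""
    return [rule for rule in SOD_RULES if rule <= set(entitlements)]


def handle_event(event, user):
    """Turn a join/move/leave event into the access changes to apply.

    `user` is {"entitlements": set} describing what the user holds today.
    """
    if event["type"] == "leave":
        target_roles = set()
    elif event["type"] in ("join", "move"):
        # A mover receives only the new role set; nothing is carried over.
        target_roles = set(event["roles"])
    else:
        raise ValueError(f"unknown event type: {event['type']}")

    unknown = target_roles - set(ROLE_ENTITLEMENTS)
    if unknown:
        raise ValueError(f"undefined roles: {sorted(unknown)}")

    # Entitlements are derived from roles, never copied from current access.
    target = set().union(*(ROLE_ENTITLEMENTS[r] for r in target_roles))
    conflicts = sod_violations(target)
    if conflicts:
        # Preventive control: block the request instead of granting it.
        return {"status": "blocked", "grant": set(), "revoke": set(),
                "conflicts": conflicts}
    current = set(user["entitlements"])
    return {"status": "approved", "grant": target - current,
            "revoke": current - target, "conflicts": []}
```

Running `sod_violations` over a user's current entitlements gives the detective counterpart: it flags access that was accumulated before such a control existed.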

Brian Cleary is Vice President of Products and Marketing at Aveksa. Brian is responsible for all of Aveksa's marketing activities including product marketing and management, marketing strategy and development. Brian brings more than 15 years of success in directing technology marketing initiatives for both emerging technology companies and top-tier enterprise software vendors to his position. Most recently, Brian served as vice president of marketing for OpenPages. He also served as senior vice president of marketing at Computer Associates (CA). Prior to CA, Brian directed the corporate marketing efforts at Netegrity (acquired by CA in 2004). Brian was also a member of the senior management team at both Allaire Corporation and Macromedia. Brian is an author and frequent speaker at industry events on the topic of governance, risk and compliance management. He can be reached at
