Preventing access-related snooping breaches
What can an organization do to prevent this type of incident? There needs to be more focus on ensuring that the entitlements that employees have to information resources are required for their particular job function. It is not unusual, for example, for employees to accumulate unnecessary access privileges as they are promoted, transferred or temporarily assigned to another department within the organization.
Users who carry excess entitlements into their new role may create toxic combinations of access that often result in Segregation of Duties (SoD) violations or other business risks. These problems are surprisingly common in large organizations, and they are a natural consequence of the usual pressure on IT departments to provide access quickly when employees are transferred or promoted into positions that require new sets of entitlements.
Organizations that leverage role-based access governance are able to put automated controls in place for access delivery and access change management. This ensures that users' privileges are appropriate to their particular job function or process role.
As a result, access to personally identifiable information is effectively governed based on a valid business reason for access, which mitigates business and compliance risk. Specifically, role-based access governance should address the following three things:
Organizations need to implement automated controls for access delivery and change management that ensure policies are applied consistently and access-related risk is avoided. A process based on event-driven controls needs to be put in place to handle each change (join, move or leave) in a user's relationship with the organization. Organizations that leverage enterprise business roles will not only strengthen their policy framework through a set of preventative controls, but will also be able to speed up access delivery and ensure better accuracy.
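The mover scenario from the preceding paragraphs, worked through as an added example (not code from the original article or from any particular identity governance product). It assumes a constructed role model, a constructed SoD matrix of toxic entitlement pairs, and hypothetical entitlement names; it contrasts the accumulation anti-pattern (old entitlements carried into the new role) with an event-driven control that recomputes access from the target role on every join, move or leave event, and it includes the access-review check that finds entitlements a user holds beyond their current role.

```python
"""Added example: event-driven joiner/mover/leaver (JML) control with
Segregation of Duties (SoD) checking. Role model, SoD matrix and users
below are constructed for illustration, not taken from a real system."""
from dataclasses import dataclass, field

# Constructed enterprise business roles mapped to entitlements (hypothetical names).
ROLE_ENTITLEMENTS = {
    "ap_clerk": {"vendor.create", "invoice.enter"},
    "ap_supervisor": {"invoice.approve", "payment.release"},
    "hr_analyst": {"employee.pii.read"},
}

# Constructed SoD matrix: entitlement pairs that must never coexist on one user.
TOXIC_PAIRS = {
    frozenset({"vendor.create", "payment.release"}),   # create a vendor and pay it
    frozenset({"invoice.enter", "invoice.approve"}),   # enter and approve an invoice
}


@dataclass
class User:
    uid: str
    role: str
    entitlements: set = field(default_factory=set)


def sod_violations(entitlements):
    """Return every toxic pair that is fully present in the entitlement set."""
    return sorted(tuple(sorted(p)) for p in TOXIC_PAIRS if p <= entitlements)


def excess_entitlements(user):
    """Access-review check: entitlements held beyond what the current role grants."""
    return sorted(user.entitlements - ROLE_ENTITLEMENTS.get(user.role, set()))


def naive_move(user, new_role):
    """Anti-pattern: grant the new role's access without revoking the old role's.
    Returns the SoD violations the accumulated entitlements now create."""
    user.role = new_role
    user.entitlements |= ROLE_ENTITLEMENTS[new_role]
    return sod_violations(user.entitlements)


def apply_event(user, event, new_role=None):
    """Event-driven control: on join/move, access is recomputed from the target
    role; on leave, everything is revoked. Returns (revoked, granted, violations)
    so the caller can log the change and alert on any SoD conflict."""
    before = set(user.entitlements)
    if event == "leave":
        target = set()
    elif event in ("join", "move"):
        if new_role not in ROLE_ENTITLEMENTS:
            raise ValueError(f"unknown role {new_role!r}")
        user.role = new_role
        target = set(ROLE_ENTITLEMENTS[new_role])
    else:
        raise ValueError(f"unknown event {event!r}")
    user.entitlements = target
    revoked = sorted(before - target)
    granted = sorted(target - before)
    return revoked, granted, sod_violations(target)


if __name__ == "__main__":
    # Constructed scenario: an AP clerk is promoted to AP supervisor.
    alice = User("alice", "ap_clerk", set(ROLE_ENTITLEMENTS["ap_clerk"]))
    print("naive move violations:", naive_move(alice, "ap_supervisor"))
    print("excess after naive move:", excess_entitlements(alice))

    bob = User("bob", "ap_clerk", set(ROLE_ENTITLEMENTS["ap_clerk"]))
    print("governed move:", apply_event(bob, "move", "ap_supervisor"))
    print("leave:", apply_event(bob, "leave"))
```

Run as a script, the naive promotion reports both toxic pairs because the clerk's entitlements were never revoked, whereas the governed move revokes `vendor.create` and `invoice.enter`, grants the supervisor entitlements, and reports no SoD conflict. Running `excess_entitlements` across all accounts on a schedule is the detective counterpart to the preventative event-driven control: it surfaces entitlements that accumulated through moves the control did not cover.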