Reviewing their team’s computer access is one of those tasks all managers dread. The traditional approach is important in locking down internal threats. However, doing the job properly requires managers to spend long hours trawling through files, looking at systems their staff access, and deciding whether to approve or revoke access. Not the most exciting chore, and one that most managers have neither the knowledge or the tools to complete effectively.
It’s understandable that since it is such a thankless task, line managers often don’t give it the importance it deserves. Many fail to understand the importance of access reviews and the potential consequences should they make a mistake. After all, why should it matter if employees have access to things, especially if they’ve had it for a while?
This is the issue that idax addresses: how can you provide information that managers need to make quick and informed decisions, and what systems do you need to make sure those managers stay engaged through the process? Coupled with that, how do you use modern analytics to identify where intervention is needed, and make effective use of everyone’s time?
Internal security is often not taken seriously and there is a widespread lack of understanding from the boardroom down on where the risks lie. An estimated 90% of tech crimes are committed by employees; and most data breaches are simply about access and opportunity. 75% of employees say that they have access to data they shouldn’t, and 25% of employees would be willing to sell company data to a competitor for less than $8,000.
With insider threat posing such a significant risk, it is clear that reviewing access rights is crucial for a company’s security, but not only is the typical process tedious and time-consuming, it’s also largely ineffective.
Firstly, the manager is faced with a complicated spreadsheet full of data about access rights for their staff. The names are opaque, the process lacks context, and this makes it difficult for the manager to understand what to do. And if there is anything that seems unusual, there has typically been no way to simply question the access without taking it away completely.
12% of all entitlements that are taken away in a review are re-requested soon afterwards – something that can make managers question whether the exercise is an efficient use of their time. Furthermore, when it costs a company an average of $18 per transaction faccess, this can quickly become not only a time consuming and dull task, but also very expensive.
Here at idax, we have created a solution that provides relevant information to the manager for people with risks they need to address. Idax instantly analyses access rights, highlighting which employees have unusual rights compared to their peers. These are the employees that are in the position to cause the most damage to the business – whether maliciously or accidentally. Critically, our solution gives managers the option to take charge of the process, and question access rights, potentially avoiding the risk of cyber breaches.
By improving the user interface and user experience, we have made managers more likely to engage proactively with the process. Idax Version 3 encourages managers to take an active role in the security of the company’s data. This is why idax prioritises an engaging user interface (UI) in the version 3 update. With an intuitive, state-of-the-art UI, idax motivates managers to really engage with the software, empowering their journey towards a more secure and wholly trusted environment.