How we have transformed every manager’s least favourite task

Reviewing their team’s computer access is one of those tasks all managers dread. The traditional approach is important in locking down internal threats. However, doing the job properly requires managers to spend long hours trawling through files, looking at systems their staff access, and deciding whether to approve or revoke access. Not the most exciting chore, and one that most managers have neither the knowledge or the tools to complete effectively.

It’s understandable that since it is such a thankless task, line managers often don’t give it the importance it deserves. Many fail to understand the importance of access reviews and the potential consequences should they make a mistake. After all, why should it matter if employees have access to things, especially if they’ve had it for a while?

This is the issue that idax addresses: how can you provide information that managers need to make quick and informed decisions, and what systems do you need to make sure those managers stay engaged through the process? Coupled with that, how do you use modern analytics to identify where intervention is needed, and make effective use of everyone’s time?

Internal security is often not taken seriously and there is a widespread lack of understanding from the boardroom down on where the risks lie. An estimated 90% of tech crimes are committed by employees; and most data breaches are simply about access and opportunity. 75% of employees say that they have access to data they shouldn’t, and 25% of employees would be willing to sell company data to a competitor for less than $8,000.

With insider threat posing such a significant risk, it is clear that reviewing access rights is crucial for a company’s security, but not only is the typical process tedious and time-consuming, it’s also largely ineffective.

Firstly, the manager is faced with a complicated spreadsheet full of data about access rights for their staff. The names are opaque, the process lacks context, and this makes it difficult for the manager to understand what to do. And if there is anything that seems unusual, there has typically been no way to simply question the access without taking it away completely.

12% of all entitlements that are taken away in a review are re-requested soon afterwards – something that can make managers question whether the exercise is an efficient use of their time. Furthermore, when it costs a company an average of $18 per transaction faccess, this can quickly become not only a time consuming and dull task, but also very expensive.

Here at idax, we have created a solution that provides relevant information to the manager for people with risks they need to address. Idax instantly analyses access rights, highlighting which employees have unusual rights compared to their peers. These are the employees that are in the position to cause the most damage to the business – whether maliciously or accidentally. Critically, our solution gives managers the option to take charge of the process, and question access rights, potentially avoiding the risk of cyber breaches.

By improving the user interface and user experience, we have made managers more likely to engage proactively with the process. Idax Version 3 encourages managers to take an active role in the security of the company’s data. This is why idax prioritises an engaging user interface (UI) in the version 3 update. With an intuitive, state-of-the-art UI, idax motivates managers to really engage with the software, empowering their journey towards a more secure and wholly trusted environment.

Idax Software Announces Strategic Partnership With EA Optimised

Idax, the IAM analytics software company, has today announced a strategic partnership with leading cloud security consulting firm, EA Optimised. The partnership is a key part of idax’s channel strategy, partnering with leading security innovation consultancies to deliver outstanding client solutions for the emerging cloud analytics space.

Idax’s partnership with EA Optimised comes after it launched Version 3 (V3) of its identity analytics platform earlier in the year. V3 of idax puts user experience first, giving staff the information they need to make the right decisions.

Specialising in Cloud Migration and Identity and Access Management (IAM), EA Optimised will offer idax’s IAM analytics platform to its client base, which includes organisations such as HSBC, One Family Mutual, The Home Office and Welsh Government.

Mark Rodbert, CEO of Idax, commented: “There is a great synergy with EA Optimised, as they manages entitlements in the cloud, on virtual machines and in containers across different platforms. As such, this partnership fits perfectly with our strategic direction to provide analytic security capability for enterprises. We are all really excited about working with EA Optimised to use our combined expertise for our clients.“

Iain Cox, CEO of EA Optimised, commented: “We see real client benefits in idax’s ground-breaking IAM analytics platform. It fits perfectly in our roster of partnerships, alongside Ping and Forgerock, and gives us complete client solutions for the cloud.“

In this time of ever-growing cyber threats, most organisations focus their defence on implementing solutions to prevent people from getting in – but what about the people who are already in? There is a significant, and largely underestimated, threat, which lies a lot closer to home. A staggering sixty six percent of organisations consider malicious insider attacks or accidental breaches more likely than external attacks. Whether they are the result of bad actors, collusion or unwitting accomplices, most breaches are simply about access and opportunity.

Idax’s platform analyses access rights, highlighting which employees have unusual rights compared to their peers. The technology gives results within minutes, without any prior knowledge about the workings of your business. The solution provides a modern, intuitive user interface to make the results simple and easy for line managers to understand and action.

– ENDS-

Issued by Jargon PR on behalf of idax Software. For more information, contact Ben Davies at idax@jargonpr.com or 01189 739 370.

About idax Software

Using identity analytics, idax is the world’s leading company in automatically analysing the access rights for an organisation, quantifying the risk and determining who has excessive access requiring adjustment. Protecting digital information is critical for modern companies. Most cyber fraud is committed by employees. As technology becomes more complex, knowing whether or not someone should have access to systems is beyond the capability and knowledge of managers and traditional systems. What is required is a new approach. Using proprietary algorithms, idax enables organisations to manage access changes in real-time, making it possible to dynamically enforce the principle of ’least privilege’.

For more information, visit https://idaxsoftware.com/

Why the UI is such a critical part of any security product

There are countless reasons why a cyber breach might take place and break through a company’s existing defences. A weak firewall, poor passwords, and phishing scams are usually pinned as the reason. However, there is one area that is equally as critical and yet often overlooked: insider threat.

Insider threat is now looking worse than ever before, with an estimated 90% of tech crimes being committed by employees. Most data breaches are simply about access and opportunity. 75% of employees say that they have access to data they shouldn’t, and 25% of employees are willing to sell data to a competitor for less than $8,000.

So it is clear that a strong solution is needed and that we need it now. A large-scale culture shift may be the only way to truly combat insider threats. Everyone in the organisation needs to be made to feel that cyber security is their own responsibility – from the CEO to the worker on the shop floor. But without the right tools and information, there’s no clear path for companies to choose.

Implementing a solution to analyse the employees that are most likely to become threats in terms of access rights is a step in the right direction. For example, idax looks at what your staff have access to and tells you which of those access rights are unusual compared to the rest of the organisation and their peers.

However, you can throw all the analytics as you want at a solution like this, but if people aren’t engaging and using the results to make good, informed decisions, there’s really no point at all.

This is one of the reasons why the user experience (UX) and the user interface (UI) are one of the most important factors to consider when encouraging people to engage with the solution. A strong UI is not there just to look nice and be aesthetically pleasing. The UI of your identity analytics platform is a critical component for getting people engaged with security.

Traditionally, anything security-related has been taken care of by a specialist team – whether that is an IT team or a security team. In theses cases, it doesn’t matter what the UI looks like, or if anyone else other than the security team could understand and use it, as they would be the only people within the whole organisation engaging with it.

More and more organisations now are moving away from having just the security team deal with all things security, and are instead putting line managers in charge of access rights. This often involves the line manager having to deal with a highly complicated, confusing spreadsheet of access details, with no context or explanation about what in the list refers to what data, and what files are required for a role.

Idax looks at battling just this with the launch of our new version 3 update. By prioritising the user experience with an intuitive, state-of-the-art UI, we are encouraging companies to put the user experience at the forefront of cyber security and start their journey towards a safer and wholey trusted environment.

Ultimately, organisations will move towards a fundamentally different culture of security. Each and every employee will be given the responsibility of self-certifying their own access rights, using an engaging UI that everyone can use.

In the long run, idax is helping companies become part of the security revolution that will soon be upon us. Getting everyone in a company to self-certificate their own access rights – with oversight and ultimate approval from line managers – will ultimately eliminate any internal threat whatsoever. However, this will take time. Creating a UI that line managers already intuitively know how to use, just from the way it looks, is the first step in kick-starting the culture change towards internal security.