The incident is still under investigation, so school and law enforcement officials have yet to reveal whether this was a case of insider or external exploits. If it was internal, the breach once again underscores the necessity of reliable identity access management software and the need for improved information security management across all environments. If it turns out that the computer was in the hands of a former employee, it emphasizes the need for a robust IT risk management certification program, including implementing systems that automatically shut off access when someone leaves the organization.
Lessons Learned
An old African proverb states, “When there is no enemy within, the enemies outside cannot hurt you.” Unfortunately, groups worldwide fail to take this proverb to heart: over the past few years, many organizations in both the private and public sectors have been taken to task for failing to secure their information from inside the company.
Identity access management software has become extremely complex in this decade alone. Computing environments have become more distributed, devices have proliferated, and enterprise information, whether on premises or cloud-based, has exploded. The protocols, tools, and cyber security audit controls to manage all of the complexity have also increased dramatically. Delivering the basic tenets of confidentiality, integrity and availability has become a nightmare.
The effect is an exponential increase in the number and variety of user identification, authentication, and access governance mechanisms, many of which fall outside of direct IT control, but all of which can lead to loss of security.
Graduating to Identity and Access Management Innovation
Attempts to solve the problem have spawned homegrown identity management applications, each designed to alleviate a small part of the problem. They in turn have given way to monolithic applications with all the simplicity of a Rubik’s Cube. In the end, all of this development has left a trail of unfinished, severely under-performing, and expensive-to-maintain identity and access management software that takes more time and resources away from the IT department it was initially designed to help, while increasing your cyber security exposure and risks.
An innovative way to look at the problem is to break the multiple functions of identity and access management software into a series of discrete applications that are limited in their breadth but more focused on their depth of control. By breaking identity and access management into discrete disciplines, organizations have a better chance of actually seeing a project completed successfully.
This move toward separating identity and access management software into independent practices or process disciplines is reflected in an increasing number of IT cyber security tools and technologies focused on those individual practices. Task initiation is distributed to both end users and team managers to increase accountability while also increasing efficiency and auditability. This enables IT to strengthen tools and audit control technologies as the business drives process and accountability, and it lays the foundation for both modern service management and up-to-date regulatory compliance and standards conformance.
The first step in this process is to increase cyber security at the point of identity verification, ensuring enterprise password management security through periodic, automatic and systemic changes and updates. For many companies, increasing password strength according to corporate policy needs to be augmented with supplementary identity verification technologies such as biometric and token-based user validation, which are common access technologies for newer devices.
Unauthorized access from one rogue computer can’t always be solved by putting just one solution in place. It’s a tough lesson for the Eugene School District to learn but also a reminder to everyone that defense in depth has become a critical part of risk management.
Follow Ryan Ward, Avatier Chief Innovation Officer and Chief Information Security Officer, on Twitter at https://twitter.com/ryawarr