Insider Risk and the Need for Context-Aware SecurityMicro Focus' Gurusiddaiah on Unified Approach to Identity and Access
One of the biggest threats to organizations' data today stays completely under the radar- the insider threat, which is proving to be increasingly dangerous, says Dr. Naveen Gurusiddaiah, Head of Technical Sales at Micro Focus, India.
"Employees are one of the major threats that organizations are dealing with," he says, "not only because they can maliciously or unintentionally leak data, as they are not equipped to deal with the tactics of cybercriminals, who make use of their credentials - especially those of insiders with privilege."
The result? Insiders are increasingly becoming an effective channel through which the hackers gain unauthorized access to valuable data, he says.
To address this challenge, it's vital for organizations to build strategies around insiders with appropriate user management and access controls to prevent or mitigate a breach. Organizations must maintain real-time identity and access management through various policies that determines what role an employee is in and what he or she can access. This is the first step to detect and respond to potential breaches in real time, he adds.
"The time is now for organizations to have context-aware security, which leverages user context such as location and access point," he says. This further needs to be integrated with authentication technologies and behavior-based monitoring in order to prevent any kind of anomalous intrusion, he argues.
While it is important to monitor employees not just based on their identity, but location, activities and time, as well, behavior-based monitoring is another crucial factor in tackling challenges around information security management.
"This approach will enable organization in achieving the security intelligence needed to detect and respond to anomalous activity that signals a data breach or compliance gap," he says.
Gurusiddaiah was a speaker at the recent Data Breach & Fraud Prevention Summit in Mumbai, where he elaborated on the nuances of 'Identity Powered Security'. (See: Data Breach, Fraud Summit Asia: First Impressions)
In this interview, he delves into the right approach to information security and also speaks about:
- The need for context-aware security in addressing insider threats;
- Behavior-based monitoring to respond to anomalous activity;
- The future of biometric authentication technologies.
Gurusiddaiah brings in 16 years of experience in different domains such as finance, sales and marketing. He currently heads technical services at Micro Focus India, for all the product portfolio of CDMS, Borland, Novell, Attachmate, Suse and Net IQ.