11.12.2015

Large company data breaches and hacks are becoming common place these days.  It seems like every week there is a new news story where a high-profile company’s data is compromised.  From T-Mobile to Ashley Madison, personal information is being stolen by hackers.  The recent Internal Revenue Service (IRS) hack showed us that even the United States government isn’t safe. As a result, consumer confidence in companies’ ability securely store their data is at an all-time low.

Secusecurity_locksring Sensitive Data

What can an organization do?  Physical security is certainly important, as it is vital to restrict physical access to data centers.  However, securing the data is key.  Enterprise and external applications typically need access to user information for authentication and authorization purposes.  However, they don’t need access to all the data elements related to the user.  By default, all users that have an account in Active Directory have READ access to the domain level of Active Directory and below.  That is, any account can read the Active Directory information for any and all objects in Active Direct.  This can lead to data leakage.

How to Prevent Data Leakage

How can an organization prevent data leakage?  By utilizing a virtual directory server (VDS), such as Optimal IdM’s Virtual Identity Server, an organization can easily assign the security needed to prevent data leakage.  The Virtual Identity Server (VIS) allows security to be discretely assigned in many ways.  By leveraging VIS Administrative Groups, an administrator can limit not only what objects an application can see in the directory but also which attributes on the objects are visible.  On top of that, an administrator can also limit what operations the application can perform. By defining VIS security groups which only provide applications the data needs, an organization can reduce the risk that a rogue application can access sensitive information.

Securing Back-End Connections

In addition to security being applied to frontend applications accessing data through Optimal IdM’s Virtual Identity Server, the Virtual Identity Server (VIS) also allows security to be applied to back end connections.  An organization can create discrete service accounts which VIS will utilities to provide applications access to backend data.  These backend service accounts can have security applied to them, via native access control lists or access control instructions, which limits the data available through them.  This in turn restricts the data which is available through VIS to enterprise applications.  By implementing security in VIS on both the frontend and backend connections an organization can easily and affectively restricted the enterprise data exposed.

Detailed Auditing

On top of this, VIS provides a flexible auditing framework which can be used to monitor data access.  This detailed information regarding data access, which is not easily available in Active Directory natively, can help administrators identify rogue applications and inappropriate data access.

Conclusion

Data leakage and data breaches are major concerns to both corporations and individuals.   However there are tools, such as Optimal IdM’s Virtual Identity Server, available to administrators which can effectively mitigate these risks.  It is important that organizations make use of the today’s technology to secure enterprise data thereby improving consumer confidence.

Tags

  • The database in which all of your organization’s sensitive identity data is stored.
  • A digital ledger in which digital transactions are recorded chronologically and publicly.
  • Securely managing customer identity and profile data, and controlling customer access to applications and services.
  • The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
  • A legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.
  • The policy-based centralized orchestration of user identity management and access control.
  • An authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
  • A global provider of innovative and affordable identity access management solutions. 
  • Managing and auditing account and data access by privileged users.
  • Tools and technologies for controlling user access to critical information within an organization.
  • An authentication process that allows a user to access multiple applications with one set of login credentials.