Large company data breaches and hacks are becoming commonplace these days. It seems like every week there is a new news story where a high-profile company’s data is compromised. From T-Mobile to Ashley Madison, personal information is being stolen by hackers. The recent Internal Revenue Service (IRS) hack showed us that even the United States government isn’t safe. As a result, consumer confidence in companies’ ability to securely store their data is at an all-time low.
Securing Sensitive Data
What can an organization do? Physical security is certainly important, as it is vital to restrict physical access to data centers. However, securing the data is key. Enterprise and external applications typically need access to user information for authentication and authorization purposes. However, they don’t need access to all the data elements related to the user. By default, all users that have an account in Active Directory have READ access to the domain level of Active Directory and below. That is, any account can read the Active Directory information for any and all objects in Active Directory. This can lead to data leakage.
How to Prevent Data Leakage
How can an organization prevent data leakage? By utilizing a virtual directory server (VDS), such as Optimal IdM’s Virtual Identity Server, an organization can easily assign the security needed to prevent data leakage. The Virtual Identity Server (VIS) allows security to be discretely assigned in many ways. By leveraging VIS Administrative Groups, an administrator can limit not only what objects an application can see in the directory but also which attributes on the objects are visible. On top of that, an administrator can also limit what operations the application can perform. By defining VIS security groups which provide applications only the data they need, an organization can reduce the risk that a rogue application can access sensitive information.
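The three controls described above (which objects are visible, which attributes are returned, which operations are permitted) can be modeled as a deny-by-default filter in front of the directory. This is an added example, not Optimal IdM's code or VIS configuration; the policy fields, the application name `hr-portal`, and the directory entries are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed directory entries (not real data).
DIRECTORY = [
    {"dn": "cn=alice,ou=staff,dc=example,dc=com",
     "attrs": {"cn": "alice", "mail": "alice@example.com",
               "employeeID": "1001", "homePhone": "555-0100"}},
    {"dn": "cn=bob,ou=contractors,dc=example,dc=com",
     "attrs": {"cn": "bob", "mail": "bob@example.com",
               "employeeID": "2002", "homePhone": "555-0101"}},
]

@dataclass(frozen=True)
class AppPolicy:
    """Hypothetical per-application policy; field names are assumptions."""
    visible_base: str         # only entries under this DN are visible
    visible_attrs: frozenset  # only these attributes are ever returned
    allowed_ops: frozenset    # operations the application may perform

POLICIES = {
    "hr-portal": AppPolicy("ou=staff,dc=example,dc=com",
                           frozenset({"cn", "mail"}),
                           frozenset({"search"})),
}

def in_scope(dn, base):
    # Compare whole RDNs so "ou=staff" cannot match "ou=xstaff".
    # Simplification: escaped commas inside RDN values are not handled.
    dn_parts = [p.strip().lower() for p in dn.split(",")]
    base_parts = [p.strip().lower() for p in base.split(",")]
    return (len(dn_parts) >= len(base_parts)
            and dn_parts[-len(base_parts):] == base_parts)

def handle(app, op, requested_attrs=None):
    policy = POLICIES.get(app)
    # Deny by default: unknown applications and unlisted operations fail.
    if policy is None or op not in policy.allowed_ops:
        raise PermissionError(f"{app!r} may not perform {op!r}")
    wanted = policy.visible_attrs
    if requested_attrs is not None:
        # A request can narrow the visible set but never widen it.
        wanted = wanted & set(requested_attrs)
    return [{"dn": e["dn"],
             "attrs": {k: v for k, v in e["attrs"].items() if k in wanted}}
            for e in DIRECTORY if in_scope(e["dn"], policy.visible_base)]
```
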
Securing Back-End Connections
In addition to security being applied to frontend applications accessing data through Optimal IdM’s Virtual Identity Server, the Virtual Identity Server (VIS) also allows security to be applied to backend connections. An organization can create discrete service accounts which VIS will utilize to provide applications access to backend data. These backend service accounts can have security applied to them, via native access control lists or access control instructions, which limits the data available through them. This in turn restricts the data which is available through VIS to enterprise applications. By implementing security in VIS on both the frontend and backend connections, an organization can easily and effectively restrict the enterprise data exposed.
Detailed Auditing
On top of this, VIS provides a flexible auditing framework which can be used to monitor data access. This detailed information regarding data access, which is not easily available in Active Directory natively, can help administrators identify rogue applications and inappropriate data access.
Conclusion
Data leakage and data breaches are major concerns to both corporations and individuals. However, there are tools, such as Optimal IdM’s Virtual Identity Server, available to administrators which can effectively mitigate these risks. It is important that organizations make use of today’s technology to secure enterprise data, thereby improving consumer confidence.