The Gladys Kravitz Problem With IAM

AKA: who’s snooping at your most sensitive data

 Remember Gladys Kravitz from the old Bewitched TV show? Unless you are old like me, you may not. Suffice it to say she is the epitome of the nosy neighbor –always snooping into other people’s business. It turns out that IT pros and executives are a lot like Mrs. Kravitz. That’s what One Identity learned in a recent survey. And that’s a problem. But it is a problem that can be addressed with better identity and access management (IAM) practices.

Whether it’s a bored employee looking for salary information on their peers; a disgruntled middle manager trying to find personal information on the CEO; or a paranoid employee hunting for financial performance data to justify his fears, it all comes down to someone looking for (and often finding) information that they do not have permission to access – we’ll call it snooping.

So let’s start with the data. In our survey (see link at the bottom of this post), we asked 900 IT pros from around the world how prevalent snooping was at their organizations:

  • More than 90 percent said that they know it happens
  • One in four admit that it happens frequently
  • And nearly two-thirds of our IT pros admit to doing it themselves

There’s also some interesting geographical and industry-specific data that shows which countries and which industries are the biggest offenders. Let’s just say that if you’re like Mrs. Kravitz and struggle with an uncontrolled snooping problem, you may want to avoid temptation and not work in the technology sector in Germany.

There are easy ways to prevent this behavior – people may still look but they won’t find anything if you implement a few key IAM solutions:

  • Granular role-based access control (as available through One Identity Manager) to ensure that the permissions user have precisely match what they need to do their job – nothing more and nothing less.
  • Business-driven governance (also One Identity Manager) to empower the line-of-business to define those access rights and easily attest to their appropriateness.
  • Identity intelligence (as offered by One Identity Starling Identity Analytics & Risk Intelligence) to find and address the inevitable instances of rights escalation or over-provisioned permissions.
  • Privileged account management (One Identity Safeguard) to ensure that those pesky IT pros are using their elevated credentials for only the right activities.

Checkout the complete survey findings and our infographic on the topic.



Anonymous