Top Ten Treats and IAM Tricks

I thought I would take this opportunity during one of my favorite holidays of the year, Halloween, to discuss the top ten tricks and treats you might encounter this year.

10) – I pulled this description from the Kit Kat website. Every corner, every edge, every finger, of every bar has been carefully considered and crafted to create this beautifully immersive and multi-sensory experience. As a marketing guy, I can appreciate this type of mellifluous prose.

9) We made it. We are secure! – This is obviously a trick. No company is ever secure. The threats are always changing; always adapting. And frequently, you don’t know where the threats are coming from. Sometimes it’s kids in a basement, a competitor, a nation-state or even your own employees. Controlling access via a robust IAM project can help (but is by no means the complete answer). You really need to look at security as a journey – a never ending journey – as opposed to a destination.

8) Almond Joy - Escape from the daily routine by enjoying sweet coconut and two whole crunchy almonds in creamy milk chocolate. I would have ranked this delight a bit higher, but I do not like coconut.

7) Bad guys sleep – Ha! Another trick! They don’t. They work around the clock (figuratively). They LOVE what they do. They work nights, weekends and holidays. In fact, when you are out there handing out candy to those teenagers that look just a bit too old to be trick-or-treating, the bad guys will be trying to get past your firewall or steal your privileged accounts. As a result, you need to be equally vigilant. You need to find products and services that can protect your systems 24 x 7 x 365.

6) 3 Musketeers – A lighter way to enjoy chocolate. I like how they try to make this confectionary wonder seem like, relatively speaking, it’s good for you. All I remember about these things is that they are so deliciously sweet, they make my fillings hurt.

5) We’re safe, we have strong passwords – Umm, I think not. If you have passwordS (plural), I would be willing to bet a dozen Almond Joy bars (remember, I don’t like coconut), that if you go and lift 10 employees’ keyboards, you’ll find at least seven with all the passwords written down on paper. Heck, I even saw once where the user editing the link in the browser favorites to include the user ID and password. You need to think single sign-on. It can be a quick win and a close a gap in your security profile.

4) Milky Way…………………….Sorry, I was eating a Milky Way bar (www.milkywaybar.com)

3) Smarties – Look, these little nuggets of energy are just plain sugar. Need I say more?

2) Our administrators are trustworthy – I am sure your admins are trustworthy. Until they aren’t. Many of the most damaging and high-profile security breaches of recent years were the result of insiders using privileged access to do bad things. Some steal and publicize critical data. Others set time bombs to destroy systems. And others undertake vindictive mischief in the name of sticking it to the man. The common theme across all of these incidents is that someone in a trusted position was given privileged access and abused it. Top tip – find a privileged account management solution. It will both add a level of security and help get the auditor off your back.

1) Hershey’s bar (full size only) – I’m sure you all remember getting the little “fun size” or “snack size” version of most of these candies. But honestly, was there anything better than finding the holy grail or hitting the jackpot that was visiting THE house that gave away full size Hershey’s bars?

To be honest, I lifted some of these nuggets (the tricks mostly) from a new white paper from our own Todd Peterson. I recommend you check it out for more top tips and truths about IAM. And if you want to send your extra candy my way, let me know and I’ll get you the address. Just no Almond Joy (coconut, you know).

Anonymous