Understanding Risks from Insiders

15 Sep 2015 09:41 AM By Victoria Krol

Risk espionage and financial fraud... are attention grabbing lines in the press today involving high visibility incidents affecting thousands of innocent victims and potentially leading to millions of dollars in damage.

These incidents are hardly confidence inspiring for corporate CEOs and their respective boards of directors.

Unfortunately, most organisations learn that a compliance breach has occurred only after the fact, and determining where the greatest risks exist, and who is responsible for managing them, continues to be a largely ad-hoc, reactive process.

Research results show that the majority of risk can be attributed to 'Insiders' and business initiatives that demand open access to internal resources. While new technologies have created unprecedented opportunity for innovation, growth and productivity, they have also created unforeseen risks that companies are now being held accountable for - to regulators, shareholders and to the public at-large.


Digital assets represent the most value (and potential liability) to the business. 
Companies therefore must focus their identity risk management efforts and establish a single data model to help centralise, filter and interpret user access information in meaningful business context that combine information such as job functions and risk score of diverse IT systems & applications with technical data mined from the IT environment.

While enterprises agree that compliance activities are strategically important - lots of companies are still dependent on manual steps and paper-based workflows in order to understand who has access to what, leaving them open to privacy breaches, failed audit and potential fraud or misuse of data.

Establishing an IT risk management program can provide substantial benefit, including more effective controls to insider threats, better IT service, data integrity and more competitive edge through better technology discipline.

For example, the SailPont IdentityIQ identity and access management solution supports a wide variety of IAM processes, including automated user access review and certifications, policy management, access request, password management, and identity intelligence. Equipped with resource connectors, IdentityIQ delivers out-of-the-box integration to a wide variety of applications running in the datacenter or the cloud.