{"id":634139,"date":"2023-04-22T09:56:02","date_gmt":"2023-04-22T14:56:02","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/04\/22\/how-veza-helps-companies-map-data-access-and-stop-insider-threats\/"},"modified":"2023-04-22T09:56:02","modified_gmt":"2023-04-22T14:56:02","slug":"how-veza-helps-companies-map-data-access-and-stop-insider-threats","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/04\/22\/how-veza-helps-companies-map-data-access-and-stop-insider-threats\/","title":{"rendered":"How Veza helps companies map data access and stop insider threats"},"content":{"rendered":"<div>\n<section>\n<p><time title=\"2023-04-21T19:07:00+00:00\" datetime=\"2023-04-21T19:07:00+00:00\">April 21, 2023 12:07 PM<\/time>\n\t\t\t<\/p>\n<\/section>\n<div>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"750\" height=\"500\" src=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2023\/04\/VB_security-breach-padlock_2_1200x800.jpg?fit=750%2C500&#038;strip=all\" alt=\"Red padlock on a background of electronic circuitry, representing security breach\"><\/p>\n<div>\n<p><em>Image Credit: Created using Bing Image Creator with DALL-E.<\/em><\/p>\n<\/div><\/div>\n<\/p><\/div>\n<div id=\"primary\" role=\"main\">\n<article id=\"post-2871249\">\n<div>\n<p>Last week, a U.S. 
federal government employee and Air National Guardsman named Jack Teixeira was alleged to have exploited his Top Secret clearance and <a href=\"https:\/\/www.cbsnews.com\/news\/pentagon-leaked-documents-details-takeaways-jack-teixera\/\" target=\"_blank\" rel=\"noreferrer noopener\">leaked<\/a> dozens of internal Pentagon documents to a Discord server, including sensitive information related to the Russia-Ukraine war.\u00a0<\/p>\n<p>The breach is a classic example of a malicious insider attack, where a privileged user decides to exfiltrate valuable information. It also highlights that organizations need to act under the assumption that any employee or contractor can decide to leak data assets at any time.<\/p>\n<p>In fact, research shows that insider threats are incredibly common. <a href=\"https:\/\/www.cyberhaven.com\/blog\/2022-insider-risk-report\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cyberhaven<\/a> found that nearly one in 10 employees (9.4%) will exfiltrate data over a six-month period, with customer data (44.6% of incidents) and source code (13.8%) being the most common assets leaked.<\/p>\n<p>\u201cPrivileged users often maintain an overabundance of standing access to critical systems and sensitive data, which, if excessive or unnecessary, can expose organizations to data leaks,\u201d said Geoff Cairns, Forrester principal analyst. 
For this reason, \u201cidentity management is critical to preventing identity sprawl and enforcing the principle of least privilege.\u201d<\/p>\n<p><html><body><\/p>\n<p><\/body><\/p>\n<p>However, for <a href=\"https:\/\/www.accel.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Accel<\/a>-backed data security startup <a href=\"https:\/\/www.veza.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Veza<\/a>, security teams need to go well beyond identity management to mitigate the risks caused by malicious insiders; they need granular visibility into human and machine identities throughout the enterprise and what data these identities have access to.\u00a0\u00a0<\/p>\n<h2 id=\"h-unveiling-the-identity-to-data-relationship\"><strong>Unveiling the identity-to-data relationship\u00a0<\/strong><\/h2>\n<figure><img loading=\"lazy\" data-lazy-fallback=\"1\" decoding=\"async\" width=\"1782\" height=\"834\" alt   data-recalc-dims=\"1\" srcset=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2023\/04\/Veza-Authorization-Graph.png?w=1782&#038;strip=all 1782w, https:\/\/venturebeat.com\/wp-content\/uploads\/2023\/04\/Veza-Authorization-Graph.png?w=300&#038;strip=all 300w, https:\/\/venturebeat.com\/wp-content\/uploads\/2023\/04\/Veza-Authorization-Graph.png?w=768&#038;strip=all 768w, 
https:\/\/venturebeat.com\/wp-content\/uploads\/2023\/04\/Veza-Authorization-Graph.png?w=800&#038;strip=all 800w, https:\/\/venturebeat.com\/wp-content\/uploads\/2023\/04\/Veza-Authorization-Graph.png?w=1536&#038;strip=all 1536w, https:\/\/venturebeat.com\/wp-content\/uploads\/2023\/04\/Veza-Authorization-Graph.png?w=400&#038;strip=all 400w, https:\/\/venturebeat.com\/wp-content\/uploads\/2023\/04\/Veza-Authorization-Graph.png?w=750&#038;strip=all 750w, https:\/\/venturebeat.com\/wp-content\/uploads\/2023\/04\/Veza-Authorization-Graph.png?w=578&#038;strip=all 578w, https:\/\/venturebeat.com\/wp-content\/uploads\/2023\/04\/Veza-Authorization-Graph.png?w=930&#038;strip=all 930w\" src=\"https:\/\/venturebeat.com\/wp-content\/uploads\/2023\/04\/Veza-Authorization-Graph.png?resize=1782%2C834&#038;is-pending-load=1#038;strip=all\" data-old-srcset=\"data:image\/gif;base64,R0lGODlhAQABAIAAAAAAAP\/\/\/yH5BAEAAAAALAAAAAABAAEAAAIBRAA7\"><figcaption>A screenshot of the Veza identity graph <\/figcaption><\/figure>\n<p>Traditional <a href=\"https:\/\/venturebeat.com\/security\/what-thoma-bravos-latest-acquisition-reveals-about-identity-management\/\">identity management<\/a> is about establishing a process for authenticating users before they can access assets. While this approach is essential to enterprise security, it\u2019s not always clear what data an individual has access to, particularly when the average user has <a href=\"https:\/\/www.cyberark.com\/press\/cyberark-report-massive-growth-of-digital-identities-is-driving-rise-in-cybersecurity-debt\/\" target=\"_blank\" rel=\"noreferrer noopener\">over 30 digital identities<\/a>.\u00a0<\/p>\n<p>\u201cWe call it the identity iceberg,\u201d said Tarun Thakur, CEO of Veza, in an exclusive interview with VentureBeat. \u201cThis observation that we have had since we founded the company is really the problem statement of who has access to what and what can they do? 
Organizations don\u2019t have an answer to that question.\u201d\u00a0<\/p>\n<p>With modern enterprises maintaining an <a href=\"https:\/\/www.businesswire.com\/news\/home\/20210915005244\/en\/Less-than-Half-of-Company-SaaS-Applications-Are-Regularly-Used-by-Employees\" target=\"_blank\" rel=\"noreferrer noopener\">average<\/a> of 254 applications, it\u2019s difficult to achieve granular visibility into the actual data assets a given identity or account can access.\u00a0<\/p>\n<p>\u201cUsing Nike as an example,\u201d Thakur began, \u201cwe can see [for example a user named] Gillian belongs to Nike, and our username Gillian or Gi*****@**ke.com. But what can Gillian do? What can she read? What can she delete? What can she update?\u201d<\/p>\n<p>Veza\u2019s answer to the challenge of data visibility was to create an <a href=\"https:\/\/venturebeat.com\/ai\/artificial-intelligence-ai-vs-machine-learning-ml-key-comparisons\/\">AI\/ML<\/a> model engine to ingest role-based access control (RBAC) metadata from hundreds of apps to build an identity threat graph.\u00a0<\/p>\n<p>The graph highlights the identity-to-data relationship, showing, for each identity, what assets it can access and what actions it can perform (e.g., whether it has read or write permissions). Once this information is discovered, security teams can control authorization and app permissions from a single location and reduce their organizations\u2019 exposure to malicious insiders. 
\u00a0<\/p>\n<p>This approach is different from traditional identity management tools like <a href=\"https:\/\/www.sailpoint.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Sailpoint<\/a> and <a href=\"https:\/\/www.okta.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Okta<\/a> because it\u2019s based on highlighting the relationship between identities and data access and defining controls, rather than hardening the identity perimeter against threat actors with single sign-on (SSO) or adaptive, risk-based authentication.<\/p>\n<h2 id=\"h-the-role-of-privileged-access-management\"><strong>The role of privileged access management\u00a0<\/strong><\/h2>\n<p>Mapping human and machine identities is just one step on the road toward enforcing <a href=\"https:\/\/venturebeat.com\/zero-trust-the-new-security-paradigm\/\">zero-trust<\/a> access at the data level, as organizations also need to implement access controls to minimize the risk of data leakage. This starts by implementing what Michael Kelley, senior director analyst at Gartner, calls \u201cthe principle of least privilege.\u201d<\/p>\n<p>The principle of least privilege means that \u201conly the right person has the right level of access, for the right reason, to the right resource, at the right time,\u201d Kelley said. 
Each employee only has access to the files and resources necessary to perform their function, nothing more.\u00a0<\/p>\n<p>Both Veza and identity-data mapping provide organizations with the ability to highlight privileges at the data level so there\u2019s no ambiguity or risk of granting users over-privileged access.\u00a0<\/p>\n<p>That being said, Kelley argues that organizations that want to mitigate account takeover need to go beyond implementing the principle of least privilege: \u201ccompanies must then mitigate the risk of privileged accounts through <a href=\"https:\/\/venturebeat.com\/security\/pam-sphere-funding\/\">PAM<\/a> [privileged access management] practices,\u201d he said.\u00a0\u00a0<\/p>\n<p>In practice, that means discovering accounts with privilege, identifying persons or machines with access to the accounts, and then discovering the extent of access held by that account.\u00a0<\/p>\n<p>Once these high-value privileged accounts are identified, they can be locked inside a single vault with a PAM solution. This enables authorized users to log in to the account to access data assets, while the security team audits and monitors their activity to make sure no harmful activity, such as data exfiltration, takes place.\u00a0<\/p>\n<p>The decision whether to incorporate identity management, PAM, or identity-data mapping should be based on an organization\u2019s specific needs.<\/p>\n<p>For cloud-native organizations or those operating in a hybrid cloud environment, automated mapping is critical for getting visibility over human and machine identities that exist in a decentralized environment, as is implementing authorization controls at the data level.\u00a0<\/p>\n<p>\t\t\t\t<\/html><\/div>\n<\/p><\/div>\n<p><a href=\"https:\/\/venturebeat.com\/security\/how-veza-helps-companies-map-data-access-and-stop-insider-threats\/\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Tim Keary<\/p>\n","protected":false},"excerpt":{"rendered":"<p>April 21, 2023 12:07 PM Image Credit: Created using Bing Image Creator with DALL-E. Last week, a U.S. federal government employee and Air National Guardsman named Jack Teixeira was alleged to have<\/p>\n","protected":false},"author":1,"featured_media":634140,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[106,4043,46],"tags":[],"class_list":["post-634139","post","type-post","status-publish","format-standard","has-post-thumbnail","category-companies","category-helps","category-technology"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/634139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=634139"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/634139\/revisions"}],"wp:featuredmedia":[{"embeddable":t
rue,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/634140"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=634139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=634139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=634139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}