Data is lost every day through mistakes, misuse or malicious attacks, but the threat to an organisation no longer comes purely from outsiders – the insider risk to business is growing. The top insider risk and source of security incidents for UK organisations is current employees, with former employees a close second, according to the latest Global State of Information Security Survey published by PwC this month. Third parties, including service providers, consultants or contractors, are also now increasingly likely to be the cause of cyber threat to a business. This means the importance of managing who has access to which systems and data is increasing in order to strike the delicate balance between ensuring security and granting employee access to critical systems. But as organisations grow, security boundaries expand, employees join, move or leave, and cloud technologies continue to change how we work, meeting that challenge is becoming increasingly difficult.
To help organisations take control of their systems and data, PwC has today [10 October 2016] launched AccessAble , a cloud-hosted access governance tool, combining PwC’s assurance and business process expertise with world-leading software from SailPoint.
Richard Horne, cyber security partner at PwC, said:
“Organisations spend so much time focusing on protecting themselves from external threats that it’s often easy to forget the insider risk – stemming not only from employees, but also a wider ecosystem of business partners. Business leaders need to shine a light on who has access to their critical systems and data. Poor access governance and controls can damage not only your reputation but ultimately profit.”
AccessAble helps organisations to identify access pitfalls and manage the governance process. A pre-configured cloud based tool, it is designed to be deployed four times quicker than an on-premise version, making it cost-effective and easily scalable to changing business needs. Key features include:
· A risk profiling facility to identify high risk users;
· Policy violation to alert on toxic combinations and privileged access;
· Improved security posture through understanding access policy compliance;
· Rapid identification of generic accounts and their activity levels;
· A user re-certification process allowing management to evaluate the appropriateness of user access on a regular basis;
· An inventory of user access across the application estate.
Richard Horne continued:
“We developed this service in response to clients across the globe expressing frustration with the cost, time and effort of developing their own solutions or the market alternatives. There can be many complexities with access governance and with the new EU General Data Protection Regulation coming up too it’s important for organisations to take action now to ensure compliance.
“With AccessAble, we aim to remove the complexity and give organisations the confidence to get on with what’s important – building a business that’s both successful and secure.”
AccessAble has an annual subscription charge for the use of the hosted cloud service and support is calculated on a per user per month basis.
Jon Andrews, executive board member and head of technology and investment at PwC, concluded:
“This is part of our wider firm strategy to help clients solve their business problems with innovative technologies. AccessAble is one of our digital investments focused on maximising the ability to make timely business decisions based on good data.”
