Chief Information Security Officers (CISOs) and other cybersecurity leaders have an enormous challenge. With an ever-expanding attack surface and a cadre of complex tools to manage risks and vulnerability, it is almost impossible to eliminate every attack vector and loophole. However, it is safe to say that one of the most recognized areas of risk remains around identity access and privilege access management (IAM and PAM, respectively).
This is a next-layer level of visibility that most software solutions lack and there is a strong case to be made for its growing importance. The problem with account ownership stems from its fluidity and need for resource-intensive manual attention: a level of attention most teams can’t reasonably afford to give to these matters.
For the uninitiated, “account ownership” refers to who has access to what accounts in an IT environment. Account owners can be individual users, groups of users, and even machines (e.g., devices, etc.). At face value, it is already easy to deduce how account ownership is key to understanding your overall cybersecurity posture.
Account ownership is worth the trouble and automated solutions are available that can improve your organization’s identity hygiene while removing the resource bottleneck account ownership has historically demanded. Achieving visibility of your account owners will positively impact many of your organization’s other cybersecurity efforts.
Not sold on the importance of how account ownership can impact your organization’s cybersecurity program? Here are six critical ways account ownership can make a huge difference:
1. Supercharge your IAM efforts
Most mid-sized and large organizations invest in Identity and Access Management (IAM) programs and tooling. These programs are often challenged by the ever-changing nature of people management. Teams are in a state of constant flux, with users joining, leaving, and changing roles and departments daily.
One huge problem arises when users who change roles wind up accruing additional privileges and exceptions, that may result in toxic combinations (e.g., access to sensitive data or exception to data protection controls). To make matters worse, maintenance activities like updating permissions and identifying redundant or unnecessary accounts suffer when account ownership remains unknown.
Understanding ownership of accounts gives cybersecurity teams an edge in managing access control. When an individual joins, leaves, or changes roles within an organization, their known accounts can be properly reassigned, or removed. In addition, onboarding and offboarding employees are more seamless, and accounts are less likely to become orphaned if ownership is clear.
2. Help neutralize insider threats
The word on the street is that insider threats are a growing concern among cybersecurity leaders. In an unpredictable economy, the threat of trusted users acting maliciously increases. The practice of identity hygiene, and more specifically, the act of assigning ownership greatly improves your organization’s defenses against insider threat activity.
How? Accountability: being able to attribute an account to a human makes it easier to investigate an incident or suspicious activity. The truth is, unowned or orphaned privileged accounts can be leveraged by bad actors for lateral movement, privilege elevation, or to conceal malicious behavior. Good account ownership practices reduce the privilege creep that can lead to increased access, and therefore increased attack surface.
3. Improve security alerting accuracy and incident response activities
Does your team have “alert fatigue?” For example, when an innocent employee downloads several files for an overseas conference, and they get flagged by your security tools?
When you have a handle on account ownership, alerts about unusual activity can often be put into context and explained if the account owner and their role are known. Clear ownership can also provide accountability for adherence to security policies, on the occasion that a user does something that requires an explanation.
Conversely, unknown account ownership creates problems when there is a threat. Without clear ownership, it’s harder to keep track of shadow IT devices, which may lack security controls and increase the risk of a breach.
4. Targeted training and user education
One of the hardest things about cybersecurity awareness training is knowing what your users know. In other words, what is their level of understanding of good cyber awareness principles and how can they act as a defensive agent for the organization?
When a security team has open visibility of account owners, users can be assigned tailored risk and responsibility best practices training that is tailored toward individuals who have privilege or exception. This simple hack helps to reduce the likelihood of privilege abuse by making users aware of the criticality of their access and privilege it requires.
5. Strengthened security governance and enhanced risk management
For most large organizations, governance, risk, and compliance (GRC) matters are a big, often painful, fact of life. What if you could make these activities run smoother? Well, you can!
When speaking to security governance, understanding account ownership can make assessments more accurate, thus increasing confidence in security controls. In the event of an outage, business continuity becomes more challenging and slower if account owners are unknown.
Then, there’s the dreaded regulatory findings! Demonstrating compliance to regulators can be difficult if account ownership is unknown, and nobody is accountable for it. This can be bad on a normal day, but worse in the event of an actual breach.
6. Provide clarity to your vulnerability management program
Everyone knows that staying up-to-date on patches and updates is crucial to any effective cybersecurity program. Finding someone to accept accountability for patching or updates can be difficult if application service account owners are unknown.
Are you ready to get more out of your IAM program?
As you can see, account ownership isn’t just about IAM, even though it can really take your organization’s IAM program to the next level. By gaining a clear picture of your account owners, your entire cybersecurity program stands to benefit by:
- Improving IAM/PAM programs
- Controlling insider threats
- Reducing alert fatigue while augmenting incident response efforts
- Boosting the effectiveness of user cybersecurity awareness training
- Enhancing GRC and risk management efforts
- Providing clarity to your vulnerability management program
By taking a more proactive account ownership approach as part of your overall IAM strategy, you really can improve your overall organization’s cybersecurity posture.