The information security battleground is quickly moving inside the network. Given that the majority of data breaches are now being caused by insiders, most organizations recognize the importance of privileged identity management. But what about third parties? Third parties such as contractors, business partners and vendors are an important part of any organization’s IT ecosystem today.

Managing Third-Party Risk

This ecosystem continues to grow in scale and importance day by day. It’s no wonder that growing numbers of nontraditional employees are accessing your organization’s network, system and data. According to Bomgar’s “2016 Vendor Vulnerability Index,” security professionals reported than an average of 89 vendors access their networks every week.

At the same time, there is a marked increase in data breaches attributed to third-party vendors. According to the Ponemon Institute report “Data Risk in the Third-Party Ecosystem,” 73 percent of respondents reported an increase in the number of cybersecurity incidents involving vendors.

The Importance of Privileged Identity Management

In many cases, third-party vendors may have privileged access to your systems. Privileged users are typically granted administrative rights to manage business-critical resources like operating systems, databases and enterprise resource planning (ERP) systems. If these IDs are not properly managed, they can cause accountability and compliance issues and increase the risk of a data breach.

The problem gets compounded when privileged IDs and passwords are shared across individuals. This anonymity makes it difficult to tie an action or security breach back to a specific individual, resulting in problems with regulatory compliance. It’s extremely important to monitor the activities of such accounts so that accountability can be established in case there are any issues.

A Single Pane of Glass

You need a solution that can help you centralize privileged identity management through a single pane of glass, if you will. The solution should be capable of extending privileged user management to contractors, outsourced IT and other service provider without diminishing speed or ease of use. It should eliminate the need to share passwords and provide a mechanism to record session activity for clear audit visibility into the activities of privileged users.

IBM Security Privileged Identity Manager (PIM) protects, automates and audits the use of privileged identities to help thwart insider threats and improve security across the extended enterprise. It is specifically designed to tackle the challenges associated with managing and monitoring privileged access of the ever-expanding user population without sacrificing ease of use and user productivity.

See You in Vegas!

The 2016 Gartner Identity & Access Management Summit will be held from Nov. 29 to Dec. 1 at Caesars Palace in Las Vegas. Stop by the IBM Security booth (#301) anytime, and we will be glad to talk to you about the challenges you face in managing privileged access for your organization and beyond.

More from

Vulnerability resolution enhanced by integrations

2 min read - Why speed is of the essence in today's cybersecurity landscape? How are you quickly achieving vulnerability resolution?Identifying vulnerabilities should be part of the daily process within an organization. It's an important piece of maintaining an organization’s security posture. However, the complicated nature of modern technologies — and the pace of change — often make vulnerability management a challenging task.In the past, many organizations had to support manual integration work to get different security systems to ‘talk’ to each other. As…

How I got started: SIEM engineer

2 min read - As careers in cybersecurity become increasingly more specialized, Security Information and Event Management (SIEM) engineers are playing a more prominent role. These professionals are like forensic specialists but are also on the front lines protecting sensitive information from the relentless onslaught of cyber threats. SIEM engineers meticulously monitor, analyze and manage security events and incidents within an organization. They leverage SIEM tools to aggregate and correlate data, enabling them to detect anomalies, identify potential threats and respond swiftly to security…

Tequila OS 2.0: The first forensic Linux distribution in Latin America

3 min read - Incident response teams are stretched thin, and the threats are only intensifying. But new tools are helping bridge the gap for cybersecurity pros in Latin America.IBM Security X-Force Threat Intelligence Index 2023 found that 12% of the security incidents X-force responded to were in Latin America. In comparison, 31% were in the Asia-Pacific, followed by Europe with 28%, North America with 25% and the Middle East with 4%. In the Latin American region, Brazil had 67% of incidents that X-Force…

Cost of a data breach 2023: Geographical breakdowns

4 min read - Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data Breach Report 2023 looked at 553 organizations of various sizes across 16 countries and geographic regions, and 17 industries. In the report, the top five costs of a data breach by country or region (measured in USD millions) for 2023…