For years, companies have invested heavily to protect privileged and IT users. Today, with digital transformation and adoption of cloud apps, most business users can have regular access to sensitive data, under certain conditions. And while strong authentication is the first step in a comprehensive approach to securing identities, for high-value user activity, organizations have begun to look at additional protections amid a spate of insider threats.
For example, company executives and other privileged users are often granted far-reaching access to network resources and web applications that power the business. While it’s important to assume positive intent, there have been numerous examples of legitimate, elevated access being abused (whether voluntarily or involuntarily) to make unauthorized changes or misuse data, or of users being social engineered to help attackers.
Such threats can exist at every level of the business, according to CyberArk research. In most organizations (70 percent), an average business user has access to more than 10 business applications, many of which contain high-value data such as financial records, customer information and intellectual property. Eighty percent of organizations report employee misuse or abuse of business application access within the last year. Yet 48 percent say they have limited visibility and control over how employees are actually using web apps due to disparate controls across the spectrum of applications and sessions, making it difficult to identify and attribute risky behavior.
Of course, security incidents can stem from human error or be unintentional. But investigation can be difficult and take time, resources and the right tools. Security teams are often forced to sift through thousands of lines of logs and manually re-trace users’ steps. And this isn’t a once-in-a-while problem — 54% of organizations investigate security or compliance-related user incidents every week.
Apart from the importance of securing credentials and access, there’s broad consensus around the need for greater visibility into user activity, especially as SaaS application usage skyrockets and more high-value data migrates to the cloud. Fortunately, by layering additional security controls to the Single Sign-On (SSO) they already use, organizations can better protect user activity within web applications by:
- Recording steps taken within protected application sessions and easily trace unauthorized configuration changes via keyword searching — without impacting the user experience
- Continuously validating that the person who initiated the web session is indeed the person using the application
- Speeding investigations and unmasking insider threats before data is changed, copied, or stolen
Don’t limit access protections to your organization’s front door. As privileged access permeates across user populations amid the shift to cloud, adding layers of security via monitoring and protecting in-app user sessions is also imperative.
By Gil Rapaport, General Manager of Access Management, CyberArk