BBA-Blog2-Image-800x400

What is the Threat Surface Equation?

Author: Tom Clare

VP Marketing, Gurucul

Feb 24, 2017

We all grew up with Einstein’s E = mc 2. The equation is a staple for scientific minds. For CSOs and CISOs a recent risk calculation reference is being recognized with growing acceptance within the security community. It is: Data + Access = Threat Surface.

What does this really mean?

In her Borderless Behavior Analytics chapter, entitled Identity, Access Risks and Access Outliers, CIO at Large Teri Takai offers a number of relevant observations. One relates to the practice of periodically rubber-stamping certifications for compliance which does not resolve access risks. Instead, it is an inefficient waste of time which actually broadens the access risk plane. For example, consider a small enterprise environment with 100 users, with 10 accounts each, plus each account has 10 entitlements (100 x 10 x 10). That totals 10,000 entitlements. Then consider quarterly compliance certifications, and an organization must manually manage 40,000 entitlements per year for only 100 users! That’s just one slice of the access complexity which is beyond human capacity to analyze. Add to that all the other entities, devices and applications operating within the environment and the magnitude of potential for identity-based access risks expand to a sobering scale for any CISO.

Combine all this overwhelming access to sensitive data at risk and you have an access risk and threat plane of sobering proportions. Hence, Data + Access = Threat Surface.

In response to this emerging hazard, security leaders need to recognize the new challenges posed by identity and access. The first element is the existence of the insider risk. The second involves external partners who need to access an organization’s data, in turn creating more access risk that may or may not be known by the system owner. The third component addresses the challenge of being able to keep up with this onslaught of data on-demand; to see, or allow others to see, the data safely and effectively to run the business. The complexity of these challenges centers on an all-encompassing access management framework. Data and access are linked, opening up the surface area for access risks centered on these essential points:

  • Compromise and misuse of identity is at the root of modern threats.
  • Identity is a perimeter with excess access risks and access outliers.
  • Security cannot be assured unless organizations know: who has access, when the access occurred, and whether the identity should have access.

The solution to this challenge is identity analytics (IdA) which delivers a holistic visibility of all identities, accounts, entitlements and activity to determine excess access and access outliers across an organization’s hybrid environment, drawing from big data context and empowered by machine learning. IdA enables organizations to manage access with a risk-based approach, which would otherwise be virtually impossible through manual processes.

So, it’s all really as simple as E = mc 2!

To learn more about identity analytics as well as identity as the new security perimeter and access risk and threat plane, read Teri Takai’s chapter Identity, Access Risks and Access Outliers in Borderless Behavior Analytics – Who’s Inside? What’re They Doing?”  Or to get a broader picture of the challenges in emerging borderless hybrid environments, consider reading the entire book!

Website : http://borderlessbehavioranalytics.com

Previous
Next
Request a Meeting

Request a Meeting

captcha


What a name!

What a name!

GURUCUL (goo-roo-cool)  

The name Gurucul comes from Sanskrit (गुरुकुल). This word is a contraction of the Sanskrit word ‘guru’ which means teacher or expert and ‘cul’ means extended family or group. In ancient times this was the place of learning. As a security analytics company expertise and learning hold a very special meaning as it reflects in our name.