10 symptoms that your identity management is vulnerable
- Posted on December 8, 2015
This guest blog post was authored by Andrew Hill, Cloud Consultant of CloudTalent, an Avanade subsidiary.
Every business has information it needs to protect, yet many businesses still simply believe their intellectual property and customer data are safe and secure. Assuming data hacking happens to someone else isn’t wise - ask the people at TalkTalk and Vodafone. We will always be playing catch-up against attackers, since it’s easier to destroy than build. And what we are learning now is that hackers have no pattern.
Think that they target only money or IP? Think again. Attackers are targeting charities, small or large businesses, government departments, etc. There simply is no rhyme nor reason! But don’t just take my word for it: Nick Scott of Director Magazine illustrates this point in his article on the subject.
I have been helping companies improve Identity Management for the last 20 years and, time and again, I keep on meeting clients who take the subject seriously, yet don’t get around to managing it effectively. Too often I’m left with the thought, “how have they survived attacks or malicious threats for so long?”
Issues often arise from poorly maintained Active Directory environments – software used by over 90% of the world’s organisations to host their identities. Active Directory is 15 years old, and what we are seeing is a vast amount of organic growth with little to no planning, design strategy or identity management by companies. Over time, Active Directory can become degraded – particularly when companies merge or split, but often because there was little understanding of just how quickly things can get out of control when not properly managed. So how can you tell whether your business is vulnerable?
Here are the 10 things to look out for:
- Active accounts for ex-employees
- Too many user accounts in your administration groups
- Active accounts for people that never joined the company in the end
- Users that have acquired access to data they no longer need, or should have, through moving around the company
- Access groups that no longer resemble the requirements of the organisational roles
- A hugely complex access model that nobody can unpick or dare to go near
- Proliferation of Active Directory forests due to lack of long-term planning and short-term tactical solutions
- Incomplete migrations leading to token bloat and vulnerabilities through SID History which then also leads to complexities and higher costs
- Lack of self-service capabilities that can open up social engineering possibilities, which also generates reduced productivity and high support costs
- Staff use of single accounts to perform administrative tasks, as well as day-to-day tasks, including accessing the internet
Managing and maintaining your Active Directory is your best defense against malicious attacks and the best way to improve security for your organization.
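Several of the symptoms listed above can be checked mechanically once a directory export is joined with HR records. The sketch below is an added example, not part of the original post: the account inventory is constructed sample data, and the field names, the thresholds and the "admin account with a mailbox" heuristic for mixed admin and day-to-day use are assumptions made for illustration.

```python
from datetime import date

ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Constructed sample inventory: a directory export joined with HR status.
# Field names and values are assumptions made for this example.
ACCOUNTS = [
    {"name": "a.jones", "enabled": True, "hr": "active", "created": date(2012, 3, 1),
     "last_logon": date(2015, 12, 1), "groups": {"Finance"}, "sid_history": [], "mailbox": True},
    {"name": "b.smith", "enabled": True, "hr": "left", "created": date(2010, 6, 1),
     "last_logon": date(2015, 2, 14), "groups": {"Sales"}, "sid_history": [], "mailbox": True},
    {"name": "c.patel", "enabled": True, "hr": "never_started", "created": date(2015, 5, 1),
     "last_logon": None, "groups": {"HR"}, "sid_history": [], "mailbox": False},
    {"name": "d.wong", "enabled": True, "hr": "active", "created": date(2008, 1, 1),
     "last_logon": date(2015, 12, 7), "groups": {"Domain Admins", "IT"},
     "sid_history": ["S-1-5-21-<old-domain>-1104"], "mailbox": True},  # placeholder SID
    {"name": "adm-e.khan", "enabled": True, "hr": "active", "created": date(2014, 1, 1),
     "last_logon": date(2015, 12, 7), "groups": {"Domain Admins"}, "sid_history": [], "mailbox": False},
    {"name": "f.ruiz", "enabled": False, "hr": "left", "created": date(2011, 1, 1),
     "last_logon": date(2014, 1, 1), "groups": {"Sales"}, "sid_history": [], "mailbox": False},
]

def audit(accounts, today, grace_days=30, max_admins=1):
    """Return {symptom: [account names]} for enabled accounts only."""
    live = [a for a in accounts if a["enabled"]]
    admins = [a for a in live if a["groups"] & ADMIN_GROUPS]
    findings = {
        # Symptom: active accounts for ex-employees.
        "ex_employee_active": [a["name"] for a in live if a["hr"] == "left"],
        # Symptom: accounts for people who never joined (never logged on, past grace period).
        "never_logged_on": [a["name"] for a in live if a["last_logon"] is None
                            and (today - a["created"]).days > grace_days],
        # Symptom: incomplete migrations leaving SID History behind.
        "sid_history_present": [a["name"] for a in live if a["sid_history"]],
        # Symptom: one account for admin and day-to-day work (heuristic: admin with a mailbox).
        "admin_used_for_daily_work": [a["name"] for a in admins if a["mailbox"]],
        # Symptom: too many accounts in administration groups.
        "too_many_admins": [a["name"] for a in admins] if len(admins) > max_admins else [],
    }
    return {k: sorted(v) for k, v in findings.items() if v}

if __name__ == "__main__":
    for symptom, names in audit(ACCOUNTS, today=date(2015, 12, 8)).items():
        print(f"{symptom}: {', '.join(names)}")
```

Disabled accounts are skipped on purpose, so a leaver whose account has already been disabled does not show up as a finding.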