Managing the insider threat

Access & Identity Management Handbook 2020 Access Control & Identity Management

The insider threat is so immense it now even has a month dedicated to it.

Gerard King.

With the mission-critical role played by today’s mainframes it is essential to pay close attention to the insider threat and the management of privileged users. I think we can safely say that there is little argument from any research house that the biggest security risk organisations face today is the insider threat.

However, that is not to say that the majority of insiders are malicious. Insider threats come from many sources. Certainly, malevolent insiders pose a threat, but often the threat originates from employee mistakes rather than malice, or a valid system account being compromised by an external attacker.

Faced with these significant threats, we must focus our security management practices at effectively mitigating the risks in this area. This is easier said than done as there are hurdles to overcome first.

The following are four best practices essential to the management of insider threat:

Assess and secure.

Govern and control.

Record and review.


Assess and secure

It is important to assess your existing security posture and, based on the results, implement the necessary controls to mitigate key risks. This involves identifying your privileged users and determining which of these users truly need this level of access. It is extremely likely you will find that you have too many privileged users.

You must also understand your data landscape. Make use of scanning and classification tools to gain an understanding of where your sensitive data resides, including financial, personally identifiable information, private health material and other information that is confidential to your business. Understanding your data landscape, and determining the risks of each classification of data that you own, will provide you with the necessary information to implement good risk mitigation capabilities. Restrict access to this data as much as possible and, in many cases, limit this access to only your privileged users.

Govern and control

The use of a privileged access management tool that allows privileges to be elevated only when needed will be important to ensuring you adhere to the principles of least access and therefore mitigate risks in this area. Also, the use of multi-factor authentication for privileged users is important to prevent these high-risk accounts from falling into the wrong hands.

Monitoring these accounts to ensure compliance with access policies is essential. This will involve understanding who has access to critical applications and data as well as being informed of who has been accessing these resources. Logging and alerting around this area will help mitigate many critical risks. It is also important to identify who has not accessed sensitive resources in several months or even years. These are the users that need their permissions reduced, which will in turn reduce your overall risk and is consistent with the principles of least access.

Record and review

It is crucial to monitor the activity of all users, especially privileged users. The use of tools that can monitor activity against security policies, and send alerts when these policies are violated, is essential.

Many organisations use Security Information and Event Management (SIEM) platforms within their Security Operations Centre (SOC). A best practice involves sending mainframe security events to these SIEM platforms. This allows the SOC to identify security issues on the mainframe and react quickly to reduce the risk to the business. But, it is important to filter and enrich the event information coming from the mainframe to the SIEM platform. This ensures that these events are clearly understood and don’t overwhelm the platform.

Operationalise – strengthen that risk posture

Now that you have the necessary steps and controls in place, you need to operationalise each area to ensure you maintain a good risk posture. This includes the ongoing use of clean-up tools to review if users need their level of access control adjusted, which will be necessary when employees change jobs or leave the company. Don’t forget to continuously scan for sensitive data, as data is always changing. Understanding when and where new copies of sensitive data enter your systems helps you adjust your access policies, reduce risk and pass audits.

Adaptation is key to survival

Remember, our environments are continuously changing and we need to continuously monitor these changes and adjust. With this approach we stand the best chance of keeping our risks at the lowest possible levels.

For more information contact CA Southern Africa, +27 11 417 8594,



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Facial access control for ministry
Issue 1 2020, ZKTeco , Access Control & Identity Management
The Ministry of Culture in Saudi Arabia has adopted ZKTeco’s facial recognition technology and fingerprint biometrics to manage access control into its building.

New Door Pilot app from dormakaba
Issue 1 2020, dormakaba South Africa , Access Control & Identity Management
With new dormakaba Door Pilot, automated doors can also now be operated on the basis of remote control technologies. The system, comprising the Door Pilot app for smartphones and a Wi-Fi interface for ...

Identity lifestyle
Issue 1 2020, Suprema , Access Control & Identity Management
Once the technology of the future, biometrics has quietly snuck into our daily lives through smartphones and access controls into our places of work.

Securing BP’s new head office
Issue 1 2020, ISF SFP , Access Control & Identity Management
ISF SFP was awarded the contract to secure the first development phase for Oxford Parks, the new head office for BP South Africa.

Combining aesthetics and access control
Issue 1 2020, Turnstar Systems , Access Control & Identity Management
Prestigious law firm Bowman Gilfillan recently upgraded its physical security with the addition of four Turnstar Speedgate Express access control lanes.

Video doorbells from Ring
Issue 1 2020 , Access Control & Identity Management
Ring has a number of video doorbells available in South Africa that run off batteries or power and enable users to answer their doors from anywhere.

Centurion to unveil new product
Issue 1 2020, Centurion Systems , Access Control & Identity Management
Centurion Systems will be hosting its third Access Automation Expo this year, with dates confirmed for Durban, Johannesburg and Cape Town.

Looking ahead with mobile access technologies
Access & Identity Management Handbook 2020, Technews Publishing, HID Global, dormakaba South Africa, Salto Systems Africa, Suprema, Gallagher , Access Control & Identity Management, Integrated Solutions
Given the broad use of smartphones around the world and the numerous technologies packed into these devices, it was only a matter of time before the access control industry developed technology that would ...

Mobile access is more secure than card systems
Access & Identity Management Handbook 2020 , Access Control & Identity Management
The ability to use mobile phones as access credentials is one of the biggest trends in a market that historically has been slow in adopting new technology.

This is the future. This is what we do.
Access & Identity Management Handbook 2020, ZKTeco , Access Control & Identity Management
ZKTeco has created a unique range of visible light facial recognition products combined with a flexible Android platform.