Identity Access Policy, EncryptionBy David Strom | Posted 2009-01-08 Email Print
The key is to understand what needs protection and to find out what’s missing from your existing security strategies and solutions.
Set identity access policies carefully. As the number of compliance regulations increases, it is harder to understand their implications in terms of which staff is responsible for maintaining which identity access repositories. Often, enterprises end up having multiple sources with conflicting policies.
At Citizens Bank in Riverside, R.I., David Griffeth, vice president for business line integration, did an extensive overhaul of his identity management program. In the process, he found that the automated provisioning tool was not sufficient for role management.
“We needed to efficiently create roles to marry people with processes and technologies,” he says, “but found that [the existing solution] didn’t support the role management life cycle and didn’t include applications outside of its provisioning scope. We also found that our program wasn’t as dexterous as the business: As soon as our business needs changed or we acquired another bank, we had to use paper forms to update our systems. The worst thing for an identity management program is to go stale and not evolve at the rate of your business.”
The bank wanted a solution that would define roles quickly and maintain them efficiently. In the end, it chose Sailpoint. “We can see application profiles and which departments have access to them on a daily basis,” Griffeth says, “and we can manage this when change occurs. Our new program cut down access to various systems by 10 percent or more, and really tightened things down.”
Choose encryption and apply it intelligently at the most appropriate places around your network. After studying its encryption needs, Prudential Financial chose Vormetric’s Data Security Expert encryption software. The software “gives us the ability to effectively encrypt server-based data at rest and manage that protection effectively,” explains Thomas Doughty, Prudential’s chief information security officer. “We had some customers who needed a tool to encrypt data at the device rather than re-engineering any of our databases.
“We wanted to remove the burden of encryption from the servers that held our data so that we could operate at wire speeds. This is different from whole-disk encryption products—which are still important, especially for mobile users who have to carry confidential data with them. With the Vormetric system, our customers’ data, such as group health insurance plans, are encrypted before any information enters our servers, so we can be sure that we can manage and protect the data properly.” The solution was also attractive because it can scale as Prudential’s business increases.
There are many endpoint security solutions. The key is to understand what needs protection and to find out what’s missing from your existing security strategies and solutions.