2011: The Year of the Insider?
This morning I was catching up on my IAM industry reader feed when I stumbled on this little nugget: CA Technologies Experts Predict 2011 as the Year IT Security Enables Cloud Adoption. The gist of the article is summarized here by Tim Brown, CA Technologies' Senior Vice President and Chief Security Architect:
Throughout the year, industry events and new discoveries impact the security and operations of our organizations. In 2011, IT security professionals will need to step-up their battle against the insider threat and leverage Identity and Access Management to shift the view of security to that of an enabler for cloud adoption.
I like Brown's point of view on this topic because he seems to advocate making security an integral part of the cloud strategy, rather than something that's considered at the end of the design & architecture cycle (or after the fact!). Security becomes a strategic advantage when you a) know that what you're releasing won't leave your organization vulnerable to attacks and b) aren't forced to patch or re-architect your solution after the fact because you've been compromised!
Unfortunately, the potential 2011 "bad guys" don't just reside in the cloud. Brown goes on to cite the 2010 Verizon Data Breach Investigations Report, which shows that "insiders" accounted for 46% of all security breaches, and he predicts that this percentage will increase again in 2011. Aside from conjuring up images of a good movie, this also reminded me of the foresight that CoreBlox's friend Matt Flynn showed early on when he began writing about the insider threat. Matt's blog posts are worth a read, as they will get you thinking about angles such as the "soft insider threat" (e.g. when an employee leaves a corporate USB thumb drive at Starbucks by mistake).
I'm also intrigued by this paragraph on how the active threats might be rooted out:
Organizations will begin using behavioral analysis to predict threat from the inside. There is case study research in this area that examines the psychosocial factors that can contribute to an insider breach. This data could be used to create predictive models that correlate psychological profiles or behaviors to insider breaches or crime. For example, how an employee reacts to stress; financial and personal predisposition to conflict; rule violations and the propensity to hide them when they occur; and chronic disgruntlement or strong reactions to organizational sanctions can all be indicators of risk for insider data breach. This data then could be used to step-up and tighten access and data usage rights.
How close are we to personality and mood-driven access management and provisioning? My guess is not very, but I'm sure large organizations would view this type of analysis as a small price to pay in order to guard against a much larger threat.
What are your thoughts on Tim Brown's predictions? Do you view behavioral analysis as invasive overkill, or a legitimate means of exposing potential insider risks?