In past posts, we’ve talked about how evolving business and threat landscapes have necessitated more robust, modern, and integrated Identity and Access Management (IAM) solutions. The reality for organizations today is that the weakest link in deterring security threats, such as system breaches and data theft, are employees themselves. Whether intentionally or unintentionally, employee data leaks are startlingly common and can have devastating effects on an organization.

The easiest way to show success is through tangible measurement. When you roll out a new project or implement a new system, you can say that you think it’s working, but without evidence, you really can’t be sure. That is why metrics are so important to a business. Metrics enable an organization to know if productivity is up or if costs are down. They can also measure whether security has improved and identify opportunities to enhance processes. These reasons are precisely why it is so crucial to track identity and access management (IAM) metrics.

According to NRF, the retail industry annually hires between 700,000 and 750,000 seasonal workers for the holiday season. There is no reason to think that 2016 will be any different, with many retailers already ramping up their recruiting efforts for the November and December sales push.

Now that we’ve covered the business and technology trends and the evolving regulatory and budgetary challenges driving the need for a modern, robust IAM solution in the enterprise, it’s time to look at how they all fit together in an IAM upgrade pitch to your CIO.

From the massive Target data breach in 2013 to the Wendy's, UC Berkeley, IRS, and U.S. Department of Justice breaches of 2015 and 2016, today's enterprise exists in a security minefield in which a single misstep could lead to a massive breach and public blowout. As IT departments shutter and make sure to shore up their perimeter security, unfortunately, many overlook the fact that it was actually legitimate user credentials that were used in most 2016 data breaches, with some 63% being the result of weak, default, or stolen passwords, according to the new Verizon Data Breach Investigations Report (DBIR). These results drive home the point that passwords are the weakest link in the security chain and malicious intruders know it.

The goal of achieving compliance is to make sure that an organization is meeting minimum standards to protect sensitive data. In order to be compliant, a business needs only to meet the outlined requirements.

However, this does not mean that its systems and data are secure. Unfortunately, there are companies that treat compliance merely as a checkbox. Even when the minimum standards are met, data and accounts with elevated access are still vulnerable. Instead, achieving compliance should be viewed as the by-product of sound security practices. This starts with protecting the attacker’s most sought-after prize: privileged accounts with elevated access across the network.

In the first installment in this blog series, we looked at the many trends in the business landscape today (digital transformation, a changing workforce, and the shift to cloud IT infrastructures, among others) that are driving the need for a more comprehensive and integrated IAM solution. In our second blog in this series, we will take a look at why evolving regulatory and threat landscapes, combined with shrinking IT budgets, have necessitated more robust, modern IAM solutions.

When you hear about retail establishments suffering from a data breach, names like Neiman Marcus, Target, The TJX Companies, Michaels, and The Home Depot dominate the headlines. When you read these news stories, it might appear as if cyber criminals are only going after the big fish. Unfortunately, this might lull small and mid-sized businesses into thinking that they are not likely to be the targets of such an attack. This is supported by recent research that shows that more than three-quarters of all SMBs believe that they are safe from to cyber attacks.

The truth is, small and medium sized retailers make up 62 percent of the data-breach victim pool, because attackers know that small and mid-sized businesses are:

In Part 1 and Part 2 of my series on the value of identity, we looked at the consequences of revealing excessive personal information in public, more specifically the digital realm, can have on the individual and an organization. We saw that hackers can use the information you reveal on social media and the internet not only to impersonate and steal your identity, but to even infiltrate and take control of your company’s network. 

According to the new 2016 Verizon Data Breach Investigations Report (DBIR), legitimate user credentials were used in most data breaches, with some 63 percent of them using weak, default, or stolen passwords. This may come as some surprise to businesses that are not yet victims of such breaches as they continue to utilize homegrown, piecemeal, or legacy identity access management (IAM) solutions. While your CIO is focused on perimeter defense, your challenge is to shift this focus to the need for a more robust, modern, and integrated IAM solution, which is easier said than done.