App Aware

As user access increases, our awareness of security is transforming around us. Mobility breeds a plethora of opportunities and a flourishing of potential in not only productivity, but innovation as well. Nevertheless, increased access also means increased risk. What is more, this risk is often misunderstood, unaddressed, or even wholly unidentified, a consequence of the speed at which the mobile revolution has transformed the way we conduct basic operations.

The Internal Revenue Service has just reported a massive data breach of its online Get Transcript application, which allowed the tax returns of about 104,000 taxpayers to be accessed by identity thieves. Whether mobile or not, we are faced once again with the stark realities and threats we must address alongside our expeditious technological progress.

Ponemon and ObserveIT released the results of an independent study conducted around access, mobility, and the vulnerability of applications in data ecosystems. The findings illuminated a number of concerning, yet predictable insights such as:

  • Audits and formal assessments reveal deficiencies in monitoring application access and usage, according to over 70 percent of respondents.
  • 71 percent of breaches were caused by application users, with only 18 percent stemming from privileged users.
  • Only eight percent of respondents say their organizations have deployed commercial auditing and monitoring solutions to monitor access and usage of applications.
  • Monitoring is mainly done by ad hoc, manual or homegrown systems that focus only on privileged users.
  • Current monitoring capabilities are unable to detect risky user behavior and 45 percent of respondents give them very low marks.

“This report clearly shows that everyday application usage and unintended actions are one of the biggest unaddressed risks challenging security teams today,” said Paul Brady, CEO of ObserveIT.

Larry Ponemon (of Ponemon) spoke to the misconceptions and misunderstandings that obstruct efficient and flexible data security in ecosystems that are increasingly application dense.

“Through this study we have proven that business users are often not as security conscious as IT administrators and as a result put regulated and sensitive data at risk. Leveraging a service or technology to monitor access and usage with applications will become a mainstay as organizations look to prevent breaches and meet ever increasing regulatory requirements.”

With this said, it is no longer plausible to exclude applications from the workplace. It simply is not going to happen in a competitive business environment. However, as these applications have been identified as the key threats to sensitive data within closed ecosystems, a balance must be struck if any organization is going to stay afloat in this age. As dependent on data as we are, and as critical as security is to complying with privacy and regulatory requirements, leveraging outside services or developing innovative security solutions will be a paramount task.