With relative ease, a disgruntled employee could inflict quite a bit of damage to a company’s infrastructure. As such, more companies are investing in and deploying identity management capabilities to protect themselves.

By now, most of us are completely unfazed by the multitude of security measures we might face in a single day. For me, punching in a secret code to get into work has become second nature. I also take my shoes off without batting an eye while moving through airport security.

Ok, so maybe we still have a lot of work to do around securing our borders and airports, but what about the workplace? It’s not a fun thing to think about, but a determinedly disgruntled employee could inflict quite a bit of damage to a company’s infrastructure with relative ease.

A rising number of organizations are coming to this exact realization; however, as new research indicates, few are taking a proactive stance on protecting themselves from the inside out. While a small percentage is tapping into identity management capabilities to protect themselves, it’s usually due to regulatory mandates such as Sarbanes-Oxley, Gramm Leach Bliley (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). According to the AberdeenGroup, identity management makes up a “collection” of technologies to include single sign-on, access control lists, provisioning and audit. In practice, technologies that enable identity management are integrated and often offered as components of systems management or middleware.

To get a better handle on how companies are investing in and deploying identity management, AberdeenGroup surveyed 88 companies. Surprising results from the study include the following:

• A majority of respondents have yet to implement technology to address insider threats ─ only 41% have done so. When organizations did use technical solutions specifically to address insider threats, the primary challenges respondents cited were limited IT resources and software complexity.
• Best in class users reported a 13% average decrease in security events, vulnerabilities, and code defects while industry norm and laggard companies that use insufficient technologies and processes saw an average 12% increase in security events, vulnerabilities and code defects; laggards experienced a 35% increase.
• Moreover, 100% of best-in-class companies cite data protection as the number one factor driving them to implement technology to combat an insider security breach or attack. Best-in-class companies were also more likely to establish employee policies for authentication and access (75%), and create a business case to support deployment (75%).

And get this: A recent Search CIO article points out that, in addition to the threat of disgruntled employees, a potential new trend is that of criminals targeting end users within an organization and persuading them to execute an attack, according to the IBM Global Business Security Index. That’s a scary thing to think about, according to one William Pulleyblank, VP, IBM Center for Business Optimization. In the article, Pulleyblank creates an unpleasant scenario, the principal of which could apply to any company within any industry:

“…Say a person is entitled to look up social security numbers and do a credit check as part of mortgage application, then all of a sudden this person decides to run 500 people through in the after hours.” On the bright side, Pulleyblank says this type of transaction may normally run 9 a.m. to 5 p.m., so this type of behavior would raise a red flag if the right identity management solution were in place. Some of these solutions are able to configure historical activity of employee activity and behavior. If naughty behavior is detected, the computer of the employee in question automatically shuts down.

How would you feel if identity management solutions were implemented across your organization?