Yahoo announced a new way to let users to login to their account without the need for a password. With the new features, when signing in, an on-demand password is texted directly to a user’s mobile phone.
Like those college recruiting compliance departments that are constantly training, monitoring, and enforcing policies, the IT compliance activity of access certifications needs to become more intelligent and real-time.
It doesn’t take the most advanced tools to break into the the largest corporations on the planet. Between user behavior and the types of malicious files attempting to compromise enterprises, there are a few steps you can take to reduce your risk exposure.
When it comes to protecting against insider threat, there can be an over-reliance on policy and automated enforcement. Access Governance is a powerful tool to reduce the insider threat, but it needs to mature to the point where it is more responsive and more automated before relying on it completely.
Just as automation is applied to the process of Access Certification, the process of revocation needs automation to deliver an Access Governance program that not only satisfies compliance mandates, but actually reduces risk.