Video: The insider threat versus identity and access management

What are organisations doing wrong when it comes to dealing with the insider threat? That was the topic of conversation when we sat down recently with Mark McClain.

Mark McClain, CEO, SailPoint
Mark McClain, CEO, SailPoint

In this video, recorded before the publication of the Panama Papers, Mark McClain, CEO and founder of SailPoint, addresses many of the concerns that will be on the minds of CISOs around the world as they absorb the implications of 2.6 terabytes of sensitive client information exfiltrated from the law firm Mossack Fonseca over the course of many months.

It's vital that companies have a granular view of who has access to what data and are also able to assess whether authorised users are making appropriate use of the data they have been granted access to.

Companies have, in the past, assumed that securing the perimeter is enough to monitor staff and prevent abuse but, McClain said, “What this led to is the bad behaviour, over time... we gave people lots and lots of keys over the course of their time with us but we just didn't bother collecting the keys back because there just wasn't a lot of concern about that.”

He continued: “What we have learned with systems that are no longer safely contained… inside the walls, now some of those systems are hosted by a partner of mine, they may be inside a cloud or inside a SaaS application so no longer does the security organisation feel it has a good handle on the keys.”

Watch the video below to learn more about Mark McClain's views on identity and access management.