Device / machine identity, especially in association with robotic process automation, can be a conduit for intentional and unintentional insider breaches.
There has been no shortage of thoughts and ideas proffered on how to manage and mitigate insider risk that comes with having humans as part of the ecosystem.
It’s true, the human is both the strength and the weakness. They are called upon to mitigate the risk and ameliorate the actions of the malevolent or careless employee. Where discussion has been sparse is how machine / device identity plays a part in insider risk management.
“There needs to be more application of the insider threat framework toward devices at the same level as we do with humans,” says Rajan Koo, chief customer officer, DTEX Systems.
Yash Prakash, chief strategy officer at Saviynt, observes, “Insider threats are increasingly introducing risk to organisations, primarily as insider identities have grown over recent years to include human identities and machine identities (i.e., APIs, bots, vendor accounts, etc.).
“By strengthening an organisation’s identity program, companies can more effectively mitigate this risk and reduce the impact of malicious insiders by spotting fraud early on and preventing the exfiltration of critical data.”
