Leveraging Graph Technology to Securely Grant Employee Access

Thursday, November 12, 2015

Emil Eifrem


Cybercrime is on the rise: in 2014 alone data breaches increased by 49% with more than a billion data records stolen or compromised. This represents 32 records lost or stolen every second. Indeed, recent incidents involving large financial institutions such as JP Morgan Chase have brought this to the forefront of media attention, and ensured that it is high up on the CIO’s agenda.

With increased scrutiny on data regulation from security bodies and the rise of modern working practices, where more and more employees are working remotely, organizations must ensure that only the right people access the right data. This can be a nightmare for all types of businesses to manage, but using graph databases could make this a thing of the past.

The threat of unsecured data

Every two days we create more data than we did from the dawn of civilization until 2003. Some of this data can be extremely sensitive, such as hospital records or bank details, carrying serious ramifications should it end up in the wrong hands. New laws are constantly coming into play, placing more responsibility on businesses for the safety of the data they look after.

And there are serious consequences should a company be found in breach of these rules: not only could it tarnish the organization’s image, but the company will also likely face hefty fines from the Information Commissioner’s Office (ICO). With this in mind, businesses must have an evolving strategy in place to keep data safe.

Giving the key to the right people

Recent research from Kaspersky Lab highlighted that, for the first time, accidental leaks by an employee overtook software vulnerabilities as the leading cause of data breaches. Organizations need a plan in place to prevent the incidents that follow when the wrong employee views or handles data they should not have had access to in the first place.

It is unthinkable that everyone within an organization would have access to the same information, files and servers. For example, you would not expect a bank branch assistant to be able to access the account information for top business clients, or a civil servant to be able to view critical files regarding international relations privy only to the Prime Minister. Equally, organizations need to ensure that the door is firmly closed to external threats, including data hacking and malicious acts of fraud.

Although the issues might seem obvious, the problem is vastly complex. As organizations grow, expand overseas and increase mobile and remote working practices, the access management problem intensifies. While most companies have an existing access management system in place, some simply aren’t designed for the needs of new working practices, and in many cases the authentication process can be a slow and painful one.

Guarding the door

Good access management requires a comprehensive and intelligent system for quick and accurate identification of an individual’s right to view certain information. As workplaces become less driven by hierarchy, access to important information is no longer determined by an employee’s rank; it depends on other factors, such as their specific role within the company and the projects they might be working on.

This means a more granular and flexible approach to control is needed. This is where graph databases can help.

By their nature, graph databases are designed to query intricate connected data and can be used to identify problems and patterns in a quick and easy way. For example, when it comes to data access there are many questions that need to be asked, such as:

  • Who wants access?
  • How are they connected to the company and what is their role?
  • From where are they trying to access the data?
  • Have they tried to access this file before?
  • Do they work at the company?
  • If so, how long for and at what level?
  • And why do they need this data?

This is a lot of information that must be gleaned at once. Taking all of these factors into consideration is complex enough for just one individual, let alone throughout an organization on a daily basis, especially in an age where people expect immediate access to data that is usually requested online. Graphs can answer these queries in real time, so businesses don’t need to rely on traditional methods such as cached permissions, which take longer to process.

By storing all of this information and looking at an individual’s connections to other criteria (such as length of time worked at the company and their role), you can determine instantly whether that person should be granted access. This identification process is vital in today’s environment, where a data leak of any kind can have disastrous consequences. Such activity is usually traced back to the wrong people, be it internally or externally, having access to sensitive data.
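To make the approach concrete, here is an added example (not from the article or from Neo4j) that answers the questions above by walking relationships at request time. It uses a small in-memory Python graph in place of a graph database; every name, the relationship types and the tenure rule are hypothetical.

```python
from collections import deque
from datetime import date

# Constructed sample graph as (source, relationship, target); all names are hypothetical.
EDGES = [
    ("alice", "EMPLOYED_BY", "acme"), ("alice", "HAS_ROLE", "branch_assistant"),
    ("bob", "EMPLOYED_BY", "acme"), ("bob", "HAS_ROLE", "relationship_manager"),
    ("bob", "ASSIGNED_TO", "project_atlas"),
    ("dave", "EMPLOYED_BY", "acme"), ("dave", "HAS_ROLE", "relationship_manager"),
    ("carol", "HAS_ROLE", "relationship_manager"),  # left the company: no EMPLOYED_BY edge
    ("branch_assistant", "CAN_READ", "retail_accounts"),
    ("relationship_manager", "CAN_READ", "business_accounts"),
    ("project_atlas", "CAN_READ", "atlas_files"),
]
START_DATE = {"alice": date(2010, 1, 4), "bob": date(2012, 3, 1), "dave": date(2015, 9, 1)}
MIN_TENURE_DAYS = {"business_accounts": 365}  # assumed policy, not from the article


def neighbours(edges, node, rels):
    """Targets reachable from node over one edge of the given relationship types."""
    return [t for (s, r, t) in edges if s == node and r in rels]


def can_access(edges, user, resource, today, company="acme"):
    """Decide at request time by walking the graph; returns (allowed, reason)."""
    if company not in neighbours(edges, user, {"EMPLOYED_BY"}):
        return False, "not a current employee"
    if (today - START_DATE[user]).days < MIN_TENURE_DAYS.get(resource, 0):
        return False, "tenure too short"
    # Breadth-first search over role and project edges for any CAN_READ grant.
    queue, seen = deque([[user]]), {user}
    while queue:
        path = queue.popleft()
        if resource in neighbours(edges, path[-1], {"CAN_READ"}):
            return True, " -> ".join(path + [resource])
        for nxt in neighbours(edges, path[-1], {"HAS_ROLE", "ASSIGNED_TO"}):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return False, "no path to resource"


def revoke(edges, source, rel, target):
    """Removing one relationship changes the next decision; there is no cache to flush."""
    return [e for e in edges if e != (source, rel, target)]


if __name__ == "__main__":
    today = date(2015, 11, 12)  # constructed request date
    for user in ("bob", "alice", "dave", "carol"):
        print(user, can_access(EDGES, user, "business_accounts", today))
```

The returned path doubles as an audit trail: it records which role or project relationship justified the grant.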

Modern working has arrived, with people expecting data access at the drop of a hat from all over the globe. Coinciding with this is constantly changing data regulation, making access management an increasingly complex (but vital) task.

One thing is for certain: traditional methods of access management can no longer provide a robust system that can adapt to the rapid pace of technological change. With graphs, businesses have essential information at their fingertips to identify the right people in real time and give them the secure access they are entitled to.

About the Author: Emil Eifrem is CEO of Neo Technology and co-founder of Neo4j, the world’s leading graph database. Before founding Neo, he was the CTO of Windh AB, where he headed the development of highly complex information architectures for Enterprise Content Management Systems. Committed to sustainable open source, he guides Neo along a balanced path between free availability and commercial reliability. Emil is a frequent conference speaker and author on NoSQL databases, and tweets at @emileifrem.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.