Table of Contents
- Executive Summary
- Insider Risk Management Sector Brief
- Decision Criteria Analysis
- Analyst’s Outlook
- Methodology
- About Paul Stringfellow
- About GigaOm
- Copyright
1. Executive Summary
Insider risk management is the process of identifying, assessing, and mitigating the potential threats posed by organizational insiders—those who have authorized access to the organization’s assets, such as employees, contractors, vendors, or partners. They may, intentionally or inadvertently, misuse their access, causing harm to the organization, its customers, or its stakeholders. The harm may stem from data theft, confidentiality violations, insider trading, fraud, or regulatory compliance violations, or it may be entirely accidental. No matter the cause, failure to identify and mitigate such risks can greatly impact an organization in terms of business disruption, financial losses, damage to customer relationships, and regulatory non-compliance.
Insider risk management is essential for protecting an organization’s reputation, assets, and competitive advantage. It can help an organization comply with regulatory requirements, enhance its security posture, reduce its operational costs, and improve its customer satisfaction. The threat posed to an organization by insider risks is significant, and a diligent business must ensure it has adequate protection in place to meet regulatory requirements, thwart security breaches, and satisfy the due diligence demands of the business leadership, its board, and its stakeholders.
While insider risk management must encompass appropriate policy and process, technology is essential for handling the scale and complexity of the threat. Insider risk management solutions have therefore emerged, combining a number of mature, well-known technologies such as asset discovery, user behavior analytics, and data loss prevention (DLP). Together with supporting services such as alerting, reporting, and case management, these form a cohesive approach that allows security teams to deter, detect, and disrupt insider behavior that poses a risk to important business assets.
Solutions are increasingly available as SaaS and are likely to take one of two approaches. Some are specialist analytics platforms, usually more appropriate for companies with existing mature technology stacks and security teams. Others, increasingly, are solutions focused on user and data behaviors. These are often targeted at organizations with gaps in their current approach to data or user security or in their security tool stacks, and at those with less experienced or less well-resourced security teams.
Business Imperative
The threat posed by insider risk is significant and often hard to identify. Sometimes the risk is unintentional, such as users carrying out tasks that can end up compromising an organization’s security. Malicious attacks will often use identities and systems that appear to be valid but have in fact been compromised. Those compromised accounts and systems, in an unprotected environment, can quickly gain privileged access to a wide range of financial, commercial, and personally sensitive data and information.
Such insider risk, whether accidental or malicious, can lead to loss of data and deployment of malicious code, while providing bad actors the ability to carry out detailed reconnaissance to craft more targeted attacks. Failing to identify such insider risks can result in catastrophic technical, legal, and financial outcomes.
While deployed technology is critical to any successful security regime, it is hardly the only factor when addressing insider risk. Building an effective approach involves implementing policies and procedures and creating a culture of trust and accountability, whereby insiders develop an awareness of their responsibilities and the consequences of their actions.
Leaders should plan for the business impact an insider risk management solution will have, including new policies that may change workflows. Such policies must make clear how insider risk will be dealt with to meet HR and legal requirements. Clear communication, along with well-budgeted training and support, should be considered essential components of an insider risk management strategy.
Leaders must also understand what constitutes insider risk. Many of the solutions in this space are flexible and comprehensive, but unless users have a clear understanding of what constitutes risk, solutions can potentially become overwhelming, leading to information overload and alert fatigue.
Insider risk is a substantial threat. IT leaders must ensure their organizations address it, and they must understand not only the technical impact of adopting a solution but also its overall business impact.
Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of an insider risk management solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of an insider risk management solution, we provide an overall Sector Adoption Score (Figure 1) of 3.6 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that an insider risk management solution is a credible candidate for deployment and worthy of thoughtful consideration.
The factors contributing to the Sector Adoption Score for insider risk management are explained in more detail in the Sector Brief section that follows.
Figure 1. Sector Adoption Score for Insider Risk Management (figure from the report "Key Criteria for Evaluating Insider Risk Management Solutions"; figure title: Sector Adoption Score)
This is the first year that GigaOm has reported on the insider risk management space in the context of our Key Criteria and Radar reports. This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective insider risk management solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading insider risk management offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.
GIGAOM KEY CRITERIA AND RADAR REPORTS
The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.