Security


NON-COMPLIANCE IS FUTILE


David Higgins, EMEA technical director at CyberArk, looks at tackling the compliance landscape through identity security.


With security regulations seeming to shift and change on a day-to-day basis, navigating compliance requirements can be a tricky task. Auditors now require more than just access reports; they need evidence of robust controls safeguarding identities across various environments. As compliance obligations broaden to cover a wider array of human and non-human identities, organisations face escalating risks and increasing costs associated with non-compliance.

The evolving regulatory landscape is a good illustration of this in action. Directives such as NIS2, DORA, and the NIST Secure Software Development Framework highlight the growing emphasis on enhancing security across vital sectors and internal systems. Meanwhile, the stakes of security compliance continue to climb. The average cost of a data breach increases by as much as 12.6% when an organisation is found to be non-compliant, illustrating the need for changes in how businesses approach regulation.

The encouraging news is that there exists a direct correlation between strong controls and successful compliance. Organisations now have the technology available to identify, secure, and report on high-risk access, meaning your business can adopt a proactive approach to meet regulatory requirements. Here are some of the key measures your organisation can implement to achieve this goal.

36 | July/August 2024


Identifying and assessing high-risk access

You can’t protect (or report on) what you can’t see, yet many security decision-makers lack a complete picture of human and non-human access to sensitive resources. To proactively meet regulatory demands, organisations must adopt a more comprehensive approach to discovering, securing, and reporting on high-risk access.

One place to start is by conducting an inventory of all accounts with administrative or elevated privilege access to systems, apps, servers, networks and more. Another critical step is discovering privilege across your organisation’s myriad endpoints, like workstations and servers. These are fundamental types of visibility, and many organisations are accustomed to them.

As we delve into new types of identities and environments, however, compliance becomes more difficult. For example, developers and cloud ops teams are often over-permissioned with direct access to sensitive resources as their organisations rush to


www.pcr-online.biz

