Lending Tree’s Broken Branch Exposes Data
Every once in a while, we get one of those “I coulda had a V8” items in the news. The recently announced Lending Tree breach appears to be one of those. From the reports, Lending Tree files were breached, and full credit files were sold both to other mortgage lenders and to criminals.
These kinds of reports barely qualify as news any more – they happen so frequently they fall in the category of “Dog Bites Man”.
I like this story though, because it’s such a great example of the type of problem that can be prevented with Identity Management software. Lending Tree wasn’t “hacked” per se. Authorized users left the company, but the company didn’t terminate the access and application permissions of those users. Those (ex)-users then stole the company’s confidential information.
The basic function of IDM services is to provision and DE-provision users. When someone leaves the organization (for whatever reason), you revoke their privileges. That’s just basic common sense. It’s easy for organizations to handle the physical security aspect of a departure — it’s easy to be quantitative about a stapler, file folders or access to the building — so they require building security to escort the individual off premises, and to retain their badge/key/keycard.
But when it comes to digital credentials and systems access, very often there is no one to revoke access.
Automated provisioning software from folks like Novell, Sun, IBM Tivoli and Oracle allows an organization to automatically de-provision users and to check for improper and orphaned accounts.
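The kind of check described above, as an added example (not from the original post or any vendor's product): it reconciles an HR export against one application's account list and flags enabled accounts whose owner has left or cannot be found. The CSV columns, account names and dates are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR export (the authoritative source) and an
# account export from one application. Names and columns are hypothetical.
HR_CSV = """employee_id,name,status,termination_date
1001,A. Rivera,active,
1002,B. Chen,terminated,2008-03-14
1003,C. Okafor,active,
"""

ACCOUNTS_CSV = """account,employee_id,enabled,last_login
arivera,1001,true,2008-04-20
bchen,1002,true,2008-04-18
cokafor,1003,true,2008-04-21
svc_report,,true,2008-04-21
dlee,1004,true,2007-11-02
bchen_old,1002,false,2007-01-09
"""


def reconcile(hr_csv, accounts_csv):
    """Return (finding, account, detail) tuples for enabled accounts that
    should not exist according to the HR records."""
    hr = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].lower() != "true":
            continue  # already disabled: nothing to revoke
        owner = hr.get(acct["employee_id"])
        if owner is None:
            # No matching person in HR: nobody is accountable for it.
            findings.append(("orphaned", acct["account"], "no owner in HR records"))
        elif owner["status"] == "terminated":
            term = date.fromisoformat(owner["termination_date"])
            last = date.fromisoformat(acct["last_login"])
            detail = f"owner left {term}"
            if last > term:
                detail += f", used after departure on {last}"
            findings.append(("improper", acct["account"], detail))
    return findings


if __name__ == "__main__":
    for finding in reconcile(HR_CSV, ACCOUNTS_CSV):
        print(*finding, sep=" | ")
```

Accounts with no employee ID at all, such as the service account in the sample, are reported as orphaned so that someone has to claim ownership of them.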
Dilbert’s company might want to invest in some Identity Management software (in today’s paper).
