A new perimeter-less insider risk management approach to security is needed that shifts the priority to the insiders’ interaction with data or the information object itself; in addition to the logical protection of devices or networks to safeguard data and monitor, audit and manage people.
Managing insider risk in the context of a physical corporate environment is difficult in itself, but the shift to a remote workforce and a “perimeter-less” workplace compounds these inherent challenges. There are four primary objectives of an insider risk management program – awareness, understanding, visibility and protection.