Courion: LendingTree Joins Ranks of Britney Spears, Barack Obama and Societe Generale; Poor Identity and Access Management Leads to Rise of Insider Security Breaches

Business Wire, April 24, 2008

Taking a Proactive Approach to Controlling User Access Will Keep Organizations From Becoming the Next Headline

FRAMINGHAM, Mass. -- Reports of former LendingTree employees sharing passwords is the latest insider security breach to hit the headlines. Following Societe Generale, numerous cases of celebrity medical record breaches, and the violation of the presidential candidates' passport information, LendingTree is just another example of the serious impact poor user access management can have on individuals' privacy, and the reputations of the organizations that allow these breaches to happen, according to Courion[R] Corporation, a leader in access management and compliance.

User access control is a challenge that transcends industries, and an issue that many regulations, policies and guidelines focus on addressing - including internal business policies, the Sarbanes-Oxley Act, payment card industry (PCI) compliance, and the Health Insurance Portability and Accountability Act (HIPAA). However, associated compliance audits are often not enough to spur organizations take action. To avoid being caught "reacting" once a breach happens, organizations need to get aggressive about gaining control over user access, and proactively addressing the "Threat of the Insider." This includes better managing who gets access, monitoring that access and immediately taking it away when it's no longer necessary. So where do companies get started?

Courion has a long track record of success working with companies across highly regulated industries to help them mitigate security and compliance risks. To address security vulnerabilities associated with processes such as new employee onboarding and effectively managing changes to access rights based on new job responsibilities or departures from the organization, Courion's Enterprise Provisioning Suite[TM] solution features automated user provisioning, password management, access compliance and role management capabilities to ease compliance and audit requirements.

"Because of a lack of appropriate policies and controls, companies do not always know what applications and information their employees should or should not have access to, or how to enforce and maintain the appropriate levels of privacy and compliance," said Todd Chambers, chief marketing officer, Courion. "With today's enterprises expanding to include global outsourcing, virtualized environments and extended supply chains, companies are responsible not only for protecting data within their walls, but are also more accountable for data shared across broader environments than ever before. Ultimately, companies need to determine information access policies, and communicate, monitor and enforce them with a proactive approach that will facilitate control over the risk of insider threats."

Courion has a number of resources available for companies seeking more information or advice about Identity and Access Management solutions available to protect themselves against insider threats, including:

* Perspective Paper: Role Management - Provides insight for organizations looking to get started with role management, and how to engage their organization in the process.

* Perspective Paper: Achieving Real Results on the Road to Access Compliance - Discusses the importance of managing IT controls for user access with regards to ensuring compliance and surviving audits.

* Perspective Paper: New Meaning for ROI: "Risk of Insiders" - Addresses the increasing threat of insider data breaches and compliance infractions and explains the importance of managing access control to protect against risk.

* Webinar: "Identity Management (IdM): A Foundation for Governance, Risk and Compliance" - Features industry expert Michael Rasmussen, president, Corporate Integrity, who provides insight and practical advice on the role of Identity Management as a foundation for effective GRC infrastructure.

ABOUT COURION

Courion is the Enterprise Provisioning and Access Compliance Expert for results-driven organizations. Built on market-proven technology, Courion's software solutions streamline operations and automate business processes to simultaneously achieve cost, security and service quality results. Courion's innovative approach eliminates the complexity and barriers to provisioning and compliance adoption, resulting in an unparalleled track record of customer success. Courion recently achieved a perfect score in SC Magazine's 2008 Identity Management Group Test and was recognized as a Network Products Guide 2008 "Hot Company." For more information, please visit our website at www.courion.com.

Courion is a registered trademark. Enterprise Provisioning Suite is a trademark of Courion Corporation. All other company and product names may be trademarks of their respective owners.