That is why experts recommend a defense-in-depth strategy that relies on useful complementary measures, such as encryption, monitoring, network access control and data leak prevention (DLP).

Vendors, such as U.K.-based Lanxoma, are offering innovative ways to keep an eye on employees. The firm offers a solution that records a user's screen, keyboard and mouse when they are accessing, for example, the database.
"We're providing a DVR recording of what a worker did while they had privileged access," says CEO Manoj Patel. "It's allowing the folks to carry on and do their jobs without hindering and slowing them down, but providing management with a means to know what the folks did while they had access. And if you know you're being monitored, it acts as a massive deterrent."
DLP, meanwhile, is often hyped as a capable method for stopping insider unscrupulousness. CA has taken note and in January acquired Orchestria, making it the first IAM provider to combine its offerings with DLP.
The integrated solution essentially allows an enterprise to update its DLP policies to reflect a user's access rights, says CA's Mann. "ID management now extends out to the points in the network that it currently didn't reach out to," he says.
At Pioneer Electronics, controlling access is a LAN-wide commitment, says Reissmueller. That is why the company not only deploys an IAM-specific product to deter people from accessing certain applications, but also runs a separate solution from ConSentry Networks that stops these people from even seeing the login page in the first place and, thus, not having the opportunity to guess or hack into the program.
"IT needs a broad way to control who can access which resources on the LAN," says Jeff Prince, co-founder and CTO of ConSentry. "IT needs the ability to tie a user to his or her role and then control which servers, applications and even individual files that user can reach. That level of identity-based access control is essential to protecting assets on the network."
The additional visibility is just one more way Pioneer can protect its data and maintain its brand, says Reissmueller, who also serves as the company's regional chairman of security for North and South America.
"IP is a big concern to us," he says. "Being able to ensure that information is only getting into the hands it's supposed to is obviously very important. We're one of the most innovative companies in the marketplace. That's why we've done so well."