Intelligent Tech Channels Issue 05 | Page 39

INTELLIGENT ENTERPRISE SECURITY
need to be managed securely. As well as exposing organisations to increased risk of a breach, multiple identity siloes can create a compliance nightmare if named users cannot be associated with related activity, access controls and role-based privileges.
The growth of cloud, virtual and now Internet of Things systems will only continue to escalate these challenges. And they could have a catastrophic impact if not properly managed. The coming European General Data Protection Regulation for example, will levy fines of up to 4% of annual global turnover for serious privacy breaches. That is not to mention the impact of reputational damage on customer churn and share price. It is no surprise that the average cost of a data breach to UK firms stood at over £2.5m last year.
IT leaders therefore need to focus on improving the maturity of their Identity and Access Management programmes. Try minimising the number of privileged accounts in the organisation. This can be done quite simply and will start the process of reducing your attack surface. By limiting lateral movement inside the organisation and enforcing a least privilege approach – that is, granting users only enough privileges to do their job and no more – you can make it harder for attackers to accomplish their goals. For example, by restricting user access to specific systems and even within those systems to specific commands, it becomes more difficult for hackers to find the handful of IT staff with the right privileges they need to access targeted data. Also, consider automated systems to provision and de-provision privileges for specific limited time periods – further restricting access to users, and therefore any attackers that might be inside your network. Monitoring and logging those privileged accounts is also a great way to spot any unusual activity and enforce best practices of Identity and Access Management.
But we need to go further.
In a world where passwords are susceptible to compromise and have grown to the point where they can no longer be managed effectively, organisations must look to Multi-Factor Authentication. This is an easy win for IT leaders looking to improve Identity and Access Management as it adds an extra layer of security at log-in – typically through biometrics or a one-time generated passcode.
KEY TAKEAWAYS
• A risk-based approach takes account of geographic location, role, and past behaviour to enforce Multi-Factor Authentication when log-in attempt is assessed as high risk.
• By limiting lateral movement inside the organisation and enforcing a least privilege approach, you can make it harder for attackers to accomplish goals
• By restricting user access to specific systems and within those systems to specific commands, it becomes difficult for hackers to find IT staff with right privileges they need to access targeted data
• CIOs, CISOs are responsible for complex IT environments, multiplying volume of passwords that need to be managed securely
• Consider automated systems to provision and de-provision privileges for specific limited time periods restricting attackers inside your network
• Forrester claims organisations with highest Identity and Access Management maturity suffer half the number of breaches experienced by the least mature
• Forrester estimates that 80% of breaches involve administrator log-ins
• Nearly two-thirds 63% of data breaches involve weak, default, stolen passwords, according to Verizon
• Privileged account credentials, such as those belonging to IT administrators, are particularly highly prized as they can offer access to highly sensitive IP and customer data
Try combining this with Single Sign-On, designed to improve the user experience by consolidating access across multiple systems. Single Sign-On will also help reduce identity siloes and therefore improve visibility and compliance efforts. Ally this to a risk-based approach, which will take account of various factors such as the user's geographic location, role, and past behaviour to only enforce Multi-Factor Authentication when the log-in attempt is assessed as high risk. This makes the whole process even more straightforward and friction-free for the user whilst maintaining maximum security for the organisation.
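The risk-based decision described above, written out as an added Python example (not code from the article, Centrify or any product); the signals, weights, threshold and role names are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Weights, threshold and role names are assumptions, not vendor values.
PRIVILEGED_ROLES = {"it_admin", "dba"}
MFA_THRESHOLD = 40

@dataclass
class UserProfile:            # what is already known about the user
    role: str
    usual_countries: set
    usual_hours: range        # hours of day the user normally logs in
    known_devices: set = field(default_factory=set)

@dataclass
class LoginAttempt:           # context of the current log-in
    country: str
    hour: int
    device_id: str
    recent_failures: int = 0

def risk_score(profile, attempt):
    """Score one attempt from location, role and past behaviour."""
    score, reasons = 0, []
    def add(points, reason):
        nonlocal score
        score += points
        reasons.append(reason)
    if attempt.country not in profile.usual_countries:
        add(40, "unfamiliar country")
    if attempt.device_id not in profile.known_devices:
        add(20, "new device")
    if attempt.hour not in profile.usual_hours:
        add(10, "unusual hour")
    if attempt.recent_failures >= 3:
        add(20, "repeated failed log-ins")
    # A privileged role raises the score only when something else is off,
    # so an administrator in their normal context is not challenged.
    if reasons and profile.role in PRIVILEGED_ROLES:
        add(30, "privileged role")
    return score, reasons

def decide(profile, attempt):
    """Return the decision with its reasons so it can be logged and audited."""
    score, reasons = risk_score(profile, attempt)
    return {"require_mfa": score >= MFA_THRESHOLD, "score": score, "reasons": reasons}

if __name__ == "__main__":
    # Constructed sample data.
    admin = UserProfile("it_admin", {"GB"}, range(7, 20), {"laptop-2"})
    print(decide(admin, LoginAttempt("GB", 10, "laptop-2")))
    print(decide(admin, LoginAttempt("GB", 10, "phone-9")))
```

The same new device that passes without a challenge for an ordinary user triggers Multi-Factor Authentication for an administrator, which is where the role factor earns its place.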
The results speak for themselves. Forrester claims that organisations with the highest Identity and Access Management maturity suffer half the number of breaches experienced by the least mature. This could have a very real impact on the bottom line, by saving an estimated 40% in technology costs and an average of $5m in breach costs.
It is time to stop throwing money away on security investments and get to the heart of the problem, by rethinking how you authenticate and manage your users.
Kamel Heus is Regional Manager for Middle East and Africa at Centrify