Identity Management Institute has introduced and defined the term Digital Identity Transformation (DIT) as the “holistic assessment and improvement of business processes, people, and technologies to achieve excellence in identity
Continued adoption of cloud solutions and internet of things (IoT) technology across enterprises introduces new concerns associated with identity and access management (IAM). For networks to remain secure, enterprises seeking the benefits of updated technology must implement concurrent IAM policy improvements. However, 92% of IT and security professionals around the world admit to facing “at least one challenge” when it comes to identity management. Such challenges can lead to several common mistakes known to leave networks vulnerable to breaches.
Failing to Research IAM Solutions
Affordability and usability are key characteristics to look for in an IAM solution, but enterprises don’t often think beyond such basic functionality when choosing platforms and services. Prior to implementing, platforms must be examined to determine if the tools are appropriate and compatible. IAM solutions lacking smooth integrations can disrupt the seamless experience customers expect and employees require and may actually lead to more security problems.
Evaluating typical use cases and workflows can act as a guide in ensuring a good fit. Enterprise IT teams should ask:
• How many identities need managing?
• What level of access control is required to maintain security?
• Does the platform conform with compliance regulations?
• Who needs to access which resources, and what is the typical access environment?
• Can the company’s budget support the cost of implementation and maintenance?
• Is operation straightforward and intuitive for users?
Not Cracking Down on Misuse of Credentials
Employees who become frustrated by complex or confusing access requirements or who are forced to wait for IT teams to fix access problems may unintentionally abuse credentials. Password sharing is a common problem in enterprise environments as employees try to “help” colleagues work around their access issues. Logging in with someone else’s credentials may give a user greater access privileges than those granted by his or her own account, which can leave sensitive information vulnerable to loss or theft.
Malicious insiders may also gain unauthorized access to sensitive areas of the network by taking advantage of lack of IAM oversight. According to the 2019 Privileged Access Threat Report, insider threats were the suspected cause of breach activity at 64% of organizations. Correcting the problem requires a commitment to IAM policy enforcement and employee education, as well as greater diligence vetting candidates during recruitment.
Clinging to Passwords
Despite growing evidence of the inadequacy of password-only access control, some businesses still continue to rely on single-factor authentication (SFA). The danger of SFA is twofold: Employees have notoriously poor password management habits, and hackers can easily guess passwords or steal them through social engineering or from databases if proper encryption is not in place. Employees reuse the same password 13 times on average, so if a malicious third party obtains access credentials to one asset, access is likely to be possible in other areas of the network.
Multi-factor authentication (MFA) with an option for single sign-on (SSO) combines stronger authentication methods with streamlined operation to create a more secure, user-friendly form of IAM for enterprise environments. MFA typically uses passwords along with one or more other authentication methods to make unauthorized access more difficult, and SSO allows users to access the network without inputting credentials numerous times during a single workflow.
Not Performing Device Audits
Forty-eight percent of enterprises can’t detect all the devices connected to their networks. This lack of visibility provides multiple infiltration opportunities for hackers and malicious insiders. Many IoT devices remain configured with default settings, including access credentials, which offer little or no protection against potential breaches.
Because every device an enterprise can’t see is tantamount to a breach waiting to happen, routine device audits are essential. Audits examine the network for previously “unseen” devices and determine configurations, authentication services and software versions. Devices in need of reconfiguration are updated to provide better antivirus and antispam protection, stronger encryption and improved device-level security.
Having a Fragmented Approach to IAM
Thirty-one percent of companies say they don’t have enough people on their information security teams with IAM responsibilities, which suggests the need for a shift toward a model with a core team of dedicated IAM experts. Creating a central IAM team can require a long search for qualified IT and cybersecurity professionals, but it’s worth the effort for enterprises relying on IoT technology to reap the benefits. Without a unified approach to the development, deployment, enforcement and maintenance of IAM policies, enterprises risk falling victim to vulnerabilities created when software and hardware updates are allowed to lapse and oversight of privileged accounts falls by the wayside.
Shifting focus to better IAM policies and consistent enforcement of access rules equips enterprises to leverage the power of IoT technology without putting networks at risk. By working closely with in-house and third-party IT professionals, it’s possible to maintain the level of diligence and agility necessary to identify and respond to potential threats in a continuously evolving security environment.
With the number of IoT connected devices projected to grow from 7.6 billion to 24.1 billion, with revenue more than tripling from USD465 billion to over USD1.5 trillion between 2019 and 2030, there’s a growing need for managing IAM challenges in the modern IoT landscape to secure systems. Users now interact with internet of things (IoT) devices in every area of life, and each point of connectivity presents another challenge for cybersecurity professionals. To implement appropriate security measures, it’s necessary to examine the various aspects of the current digital landscape.
Smart Home Security Challenges
The number of smart homes in North America will grow to 73 million by 2021, suggesting a continuing shift toward reliance on digital technology and automation for daily task management. A smarter home, however, doesn’t automatically mean smarter security. Millions of devices collect data every day, including information about personal habits and routines, which could give hackers all they need to appropriate users’ identities.
Each device in a home is a possible entry point for an attack, yet many devices fail to offer appropriate security. The innocuous nature of small devices, such as wireless doorbells and garage door openers, makes them prime targets for enterprising cybercriminals, and devices controlled via apps and computer interfaces are similarly vulnerable. In 2017, the average IoT device was attacked once every two minutes during times of peak activity, suggesting hackers are taking an active approach to infiltrate smart homes and obtain login credentials and personal information.
Securing Smart Buildings
Smart technologies are bridging the gaps between critical systems in public buildings. Managed separately in the past, services like HVAC, power and physical access control can now be handled through a single building automation system (BAS). As of early 2019, 35,000 such systems were already connected to the public internet around the world, giving rise to new security concerns.
Although a BAS can provide numerous benefits for building managers, the data collected by these systems can also be leveraged to launch attacks. Tools like Shodan, dubbed “Google for the internet of things,” can point hackers to vulnerabilities in smart building systems, allowing for the introduction of malware or the complete takeover of essential functions. Hackers with access to smart buildings have the power to cut off utilities or hold the entire system for ransom. Because institutions like health care facilities may rely on smart systems to manage infrastructure, such a takeover could be devastating.
Cybersecurity in Smart Cities
The concept of a smart city is no longer as futuristic as it once seemed. Many people already spend their days surrounded by sensors and IoT devices in public places, and an estimated 70% of the global population will live in connected cities by 2050.
Smart homes and buildings are just part of the equation. Smart traffic lights, street lights, gunshot sensors and even waste management devices are in use around the world, and many of the cars traveling city streets also contain connected sensors or devices. While this growing web of connectivity has great potential to improve safety and efficiency, it also introduces an extensive new threat landscape. The potential for compromise exists in all smart city devices and systems, which could allow hackers to cripple essential emergency services or shut down entire city sectors.
To further complicate security, smart city devices have much longer life cycles than other smart devices and require ongoing management to ensure they remain up to date. An attack on a single vulnerable device could lead to the compromise of the entire system and put the city’s population at risk.
Where Does Identity Management Come In?
Every interaction within a smart home, building or city environment requires authentication to confirm the identity of the person or device initiating the request. The security of such systems is tied to these digital identities, which means identity and access management (IAM) must be an integral part of all devices and networks to minimize the risk of attack. Stolen credentials can not only compromise the devices or systems to which they allow access but also allow hackers to obtain data from apparently unrelated areas of the network.
Moving toward unified digital identities will support seamless interactions with smart home, building and city devices by allowing users to digitize important identity information, such as driver’s licenses and bank account numbers. However, until such unification is achieved, multiple forms of authentication are required for secure network access, particularly remote requests. Producers and providers of smart devices and services will need to shift focus to developing stronger, more reliable security measures to support the growing reliance on IoT in all areas of society.
As IoT adoption continues to increase, cybersecurity professionals must prepare to meet the challenge of protecting wide networks of devices and the data they collect. Threat awareness and prevention are critical focus areas, and digital identity holds the key to managing the numerous interactions necessary for the success of these complex systems.
Since 63% of confirmed data breaches can be linked to weak, default or stolen passwords, the time has come for businesses to seek more reliable authentication methods. The increasing complexity of the cybersecurity landscape has rendered traditional passwords all but useless, and a nuanced approach to access management is necessary to protect against emerging threats.
Confirming Identity with Context
Contextual authentication takes users’ habits into account when determining whether to grant or deny access. It’s rare for users to deviate from their routines, so behavior patterns tend to be predictable. These patterns provide the context in which it’s “safe” for the system to authorize login attempts. Hackers using stolen credentials will find it difficult to replicate the exact circumstances under which users access their accounts, and contextual authentication enables flagging of unusual behaviors.
High numbers of false positives may be returned with this authentication method if contextual details are lacking. The system can “learn” new patterns over time, but providing comprehensive user profiles during implementation prevents the IT department from being swamped with alerts. When given enough information, contextual authentication monitors users’ sessions in the background and prompts for additional authenticating factors only when deviant behavioral or circumstantial factors are detected.
Adapting with Risk Evaluation
Evaluating risk levels is a key component of contextual authentication and can be invaluable in network environments where different degrees of security are required in common workflows. By taking into account the likelihood a system will be compromised, this authentication method is able to grant access based on the risk involved in specific situations. Circumstances are evaluated and given risk “scores,” which the system uses to determine whether additional credentials are required before allowing users to proceed.
The dynamic nature of a risk-based authentication model makes it possible for systems to adapt to context, evaluate individual access requests and respond appropriately. Businesses can integrate other authentication methods, such as biometrics or one-time passwords (OTPs), to provide extra layers of security. A properly configured system handles the majority of potential threats on its own and doesn’t alert the IT department unless it encounters a serious breach attempt requiring human intervention.
Pinpointing Users with Geolocation
Geolocation provides a significant amount of information about the owner of a device, which can serve as confirmation of identity to authorize a transaction. Businesses may use geolocation to prevent hackers from making purchases using stolen credentials by comparing a user’s delivery address to his or her physical location when placing an order. Geolocation can also detect significant deviations from a user’s normal login location or determine if an authenticating device is in the same location as the individual requesting system access.
The use of geolocation allows for granular access control in organizations handling highly sensitive information. A business may, for example, restrict its employees to logging onto the network only from within specific office locations. This ensures information is never shared over connections the business can’t monitor, such as unsecured public Wi-Fi. Access rules may be adjusted to include other areas when employees are traveling or businesses expand into additional locations.
Geolocation isn’t infallible. It requires a strong cellular signal or Wi-Fi connection to work as intended and is no longer a viable authentication method if a device is stolen along with a user’s access credentials or a customer’s credit cards. However, it can provide valuable information when used as part of a broader contextual authentication strategy.
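The contextual and risk-based approach described above, with geolocation as one of the signals, can be sketched as follows. This is an added example, not code from the original article; the signal names, weights, thresholds and the `Profile`/`Attempt` types are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

# Constructed weights and thresholds (assumptions); tune to your own risk appetite.
WEIGHTS = {"new_device": 40, "odd_hour": 15, "far_location": 35,
           "sensitive_resource": 20}
STEP_UP_AT = 30   # at or above: ask for another factor (OTP, biometric)
DENY_AT = 80      # at or above: refuse the request and alert the IT team


@dataclass
class Profile:
    """Per-user baseline supplied at rollout and refined over time."""
    known_devices: set
    usual_hours: range      # local hours in which the user normally signs in
    usual_location: tuple   # (latitude, longitude)


@dataclass
class Attempt:
    device_id: str
    hour: int
    location: tuple
    sensitive_resource: bool = False


def distance_km(a, b):
    """Great-circle distance between two (lat, lon) points (haversine)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def risk_signals(profile, attempt, max_km=100):
    """List every way this attempt deviates from the user's usual context."""
    signals = []
    if attempt.device_id not in profile.known_devices:
        signals.append("new_device")
    if attempt.hour not in profile.usual_hours:
        signals.append("odd_hour")
    if distance_km(profile.usual_location, attempt.location) > max_km:
        signals.append("far_location")
    if attempt.sensitive_resource:
        signals.append("sensitive_resource")
    return signals


def decide(profile, attempt):
    """Turn the signals into a score and the score into an action."""
    signals = risk_signals(profile, attempt)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= DENY_AT:
        action = "deny"
    elif score >= STEP_UP_AT:
        action = "step_up"
    else:
        action = "allow"
    return action, score, signals


def learn_after_step_up(profile, attempt):
    """Once the user passes the extra factor, fold the new device into the
    baseline so the same context does not raise another alert."""
    profile.known_devices.add(attempt.device_id)


if __name__ == "__main__":
    new_york, london = (40.7128, -74.0060), (51.5074, -0.1278)  # constructed
    user = Profile({"laptop-1"}, range(8, 19), new_york)
    print(decide(user, Attempt("laptop-1", 10, new_york)))
    print(decide(user, Attempt("phone-9", 10, new_york)))
    print(decide(user, Attempt("unknown", 3, london)))
```

The reasons returned alongside the score are what keeps alert volume manageable: an analyst sees why a login was challenged, and a richer initial profile means fewer signals fire on legitimate behavior.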
Authenticating with Apps
Equipping users’ devices with authentication apps eliminates the risks of using text messages for two-factor authentication (2FA) and multi-factor authentication (MFA). Text messages can be hijacked with a SIM attack, in which a hacker diverts a user’s cell phone number to his or her own SIM card. All information meant for the user is then received by the hacker, including authentication codes, PINs and OTPs sent via text messages.
Authentication apps link to users’ accounts and provide unique codes whenever a change in context is detected, such as a login from a new device or an access request made from a remote location. Because the apps operate independently of Wi-Fi and cellular connections, the time-sensitive codes are always available for use.
When hackers attempt to gain account access with stolen credentials, they’re prompted to enter a code from the app. Without the associated device, the login attempt fails. Some apps allow for additional protections, such as PINs or passwords, to prevent hackers from obtaining codes on stolen devices.
These authentication methods give businesses several options for securing networks against infiltration. Building stronger authentication into existing access management policies reduces risk and provides the agility needed to adapt to modern security challenges. IT teams should evaluate current authentication methods to determine where vulnerabilities exist and implement appropriate controls to prevent attacks.
In order to manage cyber and data security risks, organizations assign a qualified person tasked with creating and maintaining a security program which includes policies, standards and guidelines. A security policy is a high level security statement that dictates how a particular security risk should be handled throughout the organization such as “all devices must be encrypted” while standards require the use of acceptable methods and tools for implementing and enforcing the policy such as the use of “Advanced Encryption Standard (AES) 256” while guidelines offer additional information.
Managing information security is one of the highest priorities in many organizations, especially those operating under heavy regulatory mandates and requirements. As we all know, information leakage and data breach is a high risk that can negatively affect organizations’ reputation and financials. Organizations that experience a personal and private data breach can expect to face loss of customers, industry trust and credibility, money, competitive advantage, and increased regulatory scrutiny.
It has been acknowledged that some executives and members of the management team may override information security policies (and let other employees violate the policies) by asking the CISO for special treatment because the policy is a burden to their productivity or for a number of other reasons.
A security policy override may come in various forms. If the violator feels powerful in the company and knows that his or her wishes cannot be rejected, the person will make a formal request to bypass the security policies at will. Other times, the person may just ignore the security mandates and violate the security policies without notifying the CISO because they feel it’s a waste of time, that the policy does not apply to them, or that the request may be rejected, and because they believe they can get away with it when detected thanks to their powerful position.
To be fair, some executives may abuse their power and override security controls because either they don’t even know that their actions are in violation of security policies or they are not fully aware of the consequences of their security violations and how their actions may pose a risk to the company. As mentioned, they might just ignore the security policies because they are busy or even worse they might be planning to commit a fraud.
To deal with security violations, strong detection controls must be in place and communicated widely to make sure everyone knows that they are being watched and that there are serious consequences for violating the security policies. That said, detecting security violations can be a daunting job and sometimes impossible, as the violators may be highly technical people who can clear their tracks after they achieve their goals. Also, when a security violation is detected, whether proactively or during unrelated audits, usually nothing happens if there is no Board and executive committee support to deal with such violations. Therefore, it is extremely important that the security program includes provisions for dealing with the violators and that the provisions are approved and supported at the highest levels of the executive board.
Sadly, the CEO and other high-ranking officials have other business priorities and neglect security until a security breach occurs. It is then, and only then, that they make decisions within minutes to improve security, decisions they did not make before the breach despite dozens of business cases explaining the risk.
In conclusion, executives and management team members like all other employees should not be exempt from following any of the company’s security policies and procedures in order to ensure continued protection of company assets including confidential information.
Businesses conducting risk reviews can’t neglect cybersecurity in their assessments. The digital landscape is always changing, and projections suggest identity and access management (IAM), cloud services and updated security models will be key considerations for 2020.
Projections Show Rapid IAM Market Growth
Global market value for identity and access management is expected to hit $24.52 billion by 2025, up from $10.41 billion in 2018. Driven by expanding cloud adoption, the increased popularity of online banking and the introduction of more authentication methods, growth will continue at a compound annual rate of 13.02% across the market as a whole. Some segments, such as provisioning and multi-factor authentication (MFA), may grow faster or represent greater market share due to an increasing demand for specific products and services.
Cybersecurity Experts Face New Challenges from Innovative Hackers
Businesses may be surprised to discover they’re not so different from today’s hackers in the way they plan and execute their tactics. Far from being a bunch of enterprising but disorganized criminals without clear goals, hackers are engaging in global endeavors across the dark web, strategizing and competing in the same ways as legitimate corporations.
Trade in credentials, including credit card numbers, driver’s licenses and passports, has become as simple as e-commerce shopping. Stolen information can be purchased as individual records or in bulk batches and used for the purpose of identity theft, network infiltration or wide-reaching malicious attacks on numerous organizations.
Because identifying information is so readily available, data breaches must be treated as “when” instead of “if” possibilities. Cybersecurity experts and businesses need to understand hackers are formidable opponents and respond by putting stronger defenses in place to guard against unauthorized network access.
Zero Trust is Becoming More Nuanced
The zero trust model, defined by CSO as “a security concept centered on the belief that [an organization] should not automatically trust anything inside or outside its perimeters,” requires verification for “everything trying to connect” to a system. Access is denied anytime verification fails. More networks are adopting this model to guard against malicious access and prevent breaches caused by poor third-party security.
To succeed, a zero trust structure must take into account the unique combinations of users, behaviors, devices and access needs both inside and outside of networks. It’s not enough to consider only users directly associated with a network. Businesses must look beyond internal access and assess the security protocols of companies providing “as-a-service” products, such as software and identity management, as well as vendors, partners and other third parties connecting to internal systems. Loopholes and vulnerabilities in any area can lead to onsite network compromise even in zero trust environments.
Performing security audits and identifying the greatest threats provides a framework for zero trust implementation and management, and developing ongoing training for employees minimizes the risk of internal compromise due to ignorance or error.
Evolution of Cloud Computing Environments Requires More Focus on Security
North American businesses rely heavily on cloud environments for daily operations. Sixty-six percent have private internal clouds in place, and 65% use public cloud infrastructure. These complex cloud environments often include combinations of modern and legacy applications requiring nuanced access management to guard against attacks.
With increased cloud adoption comes more data, which attracts the attention of hackers. Enterprises and cloud providers must both assess internal security and access protocols, identify areas of weakness and deploy updated strategies designed for today’s evolving network structures.
Over 1 Million Customers Affected by T-Mobile Data Breach
News of the latest data breach at T-Mobile serves to emphasize the necessity of strong security and strategic IAM protocols. More than 1 million prepaid data customers were affected by the breach, which exposed several categories of personal information, including:
• Billing addresses
• Phone numbers
• Account numbers
• Plan information
Due to the nature of the affected data, T-Mobile was required to alert all affected customers. The company has since shut down access to the compromised database but hasn’t yet reported how long the information remained open to unauthorized access.
No passwords were stolen, but it’s possible for hackers to use the exposed identifying information to attempt to impersonate T-Mobile customers and gain access to accounts. The concern is nothing new, since the carrier previously suffered a similar breach affecting 3% of its customers in August of 2018.
The time has come for businesses and cybersecurity experts to prepare for greater threats and begin adopting protocols to safeguard against the strategies of modern hackers. As 2020 approaches, IT teams must focus on shoring up cybersecurity defenses and leveraging new tools for data protection. Attacks may be inevitable in the modern digital landscape, but a calculated approach to security offers the protection modern enterprise networks need to stay protected.
Stealthy hackers and targeted attacks are making it difficult to detect threats to users’ identities, especially in growing enterprise networks. More users and devices contribute to an increase in data, which must be monitored and analyzed for risks and potential breach activities.
The 79% increase in account takeovers from 2017 to 2018 points to overburdened IT departments lacking the resources to handle the monumental task of combing through data for malicious actions and responding to attacks upon discovery. Machine learning (ML) provides powerful tools to help with threat monitoring and detection and increase protection for all network users.
Learning and Determining Risk Levels
To “learn” what breach activity looks like, ML systems must be taught using either supervised or unsupervised learning methods. In supervised learning, ML tools are presented with known data sets, such as user behaviors, tagged as normal or aberrant. This establishes a statistical model the system later uses to differentiate between standard user activities and signs of network infiltration. The IT teams can adjust ML algorithms to correct false positives and improve future performance.
Unsupervised learning occurs when an ML system draws on known information about a person or group of people performing actions or making access requests on the network. Systems can then determine whether to approve or deny requests based on users’ privilege levels and access requirements. After initial “training,” ML is able to continue to learn new patterns and behaviors. Known as self-learning, this process enables classification of actions according to risk level to detect hacker infiltration without human intervention.
Protecting Users and Devices
The users accessing enterprise networks may be employees, vendors, suppliers or customers and may interact with data using a variety of devices. Businesses must address vulnerabilities and security loopholes to safeguard sensitive data and prevent network infiltration.
By training ML systems to understand and differentiate between varied types of user behaviors, enterprises can implement safeguards to be deployed automatically when malicious activities are detected. This minimizes the risk of fraudulent transactions and saves businesses the hassle and expense of cancellations and refunds.
Machine learning algorithms can also detect threats on devices while devices are in use, which prevents users from unknowingly infecting networks with malware from compromised devices and locks out hackers attempting to use stolen devices to gain access to network data.
Authentication and Fraud Detection in Real Time
The best IT department could spend every waking moment analyzing network activity and still fail to catch subtle attempts at identity theft or hackers operating with stolen credentials. Incorporating ML enables security systems to consistently monitor data sets and behaviors while learning and updating in response to new information.
Because ML operates in real time, problems are flagged at the moment of discovery. Alerts can then be passed on to the appropriate people in the IT department, or a predetermined solution can be deployed to prevent network compromise. Continual assessment of behaviors and risk levels supports smarter approval and denial of access requests, thus minimizing false positives and allowing IT departments to address real threats before user data is compromised.
Building to Scale
Humans can only handle so much data before requiring help, and with the massive scale of information collection and analysis at the enterprise level, it’s not practical to continually expand the IT department in an attempt to keep up with the influx. Even small businesses deal with a significant amount of data and benefit from the assistance of automated systems.
When using ML, more data is a help rather than a hindrance. No matter how many users and devices are introduced into the network, a security system with ML can continue to learn new sets of patterns and behaviors. Increased detail refines the system over time and reduces unnecessary security alerts. Businesses are free to diversify network access without risking compromise or outpacing the system’s ability to monitor network use.
Cybersecurity experts use ML to delve deep into the dark web and gather information to inform businesses of potential breach activities in advance. Just as ML can monitor enterprise network activity, it can also collect data from across the numerous channels hackers use to communicate and do business. Activities can be analyzed for potential threats, such as sales of detailed identity information or transfers of malicious files. Cybersecurity experts either use this information to enable the companies for which they work to protect their networks in advance or provide the results of data analysis to allow enterprises to improve onsite threat detection and response.
Making ML a primary tool in identity theft prevention helps safeguard businesses against inevitable attacks and preserve the identities of all users with network access. In combination with a qualified team of IT professionals trained in identity protection, ML supports a safe network environment and protects sensitive business data from clandestine threats.
Companies must continuously assess and upgrade IAM systems to manage risks. Operating with outdated identity and access management (IAM) systems limits business operations and puts networks at a higher risk for data breaches. In light of changing access needs and the complexity of modern threats, IT teams must examine existing systems for signs of obsolescence and take steps to implement solutions with features designed to support modern access needs.
These six signs are clear indicators and reasons to upgrade IAM systems:
A Legacy System is No Longer Supported
When a system reaches end of life, support dries up and updates cease. This can cause serious problems for businesses as vulnerabilities multiply and leave networks open to attack. IT teams can quickly become tied up troubleshooting problems without help from the system’s manufacturer, and performance will eventually fall short of IAM requirements. It may be impossible to successfully integrate new applications or devices, which has a negative impact on productivity and growth. New technologies introduced in the IT environment are left without protection or must be managed using a separate IAM solution. The resulting silos limit visibility and put IT teams in the awkward position of having to monitor two access environments simultaneously.
Third-Party Access Requirements are Increasing
Allowing an increasing number of users to access a business network inherently creates a greater breach risk, which is exactly what IAM is meant to address. However, third-party access by customers, vendors, suppliers and other outside entities introduces additional concerns in self-contained legacy systems. Without tools to extend IAM controls beyond the confines of the main network, a business inherits every vulnerability of its partners.
To properly monitor the third parties accessing business systems and deploy appropriate controls in response to changing risk levels, companies must upgrade to modern IAM solutions. Granular control with automated provisioning and deprovisioning is essential for mitigating breach risk while maintaining appropriate access levels.
Automation is Limited
No IT team has the time or the resources to monitor every action taken on a business network. Human and device identities make a massive number of access requests every day in a typical enterprise, and hackers can easily slip under the radar if automated monitoring tools aren’t in place. A lack of agility and adaptability in permissions increases the burden on IT departments, requiring staff members to handle application authorizations, integration requests, provisioning and deprovisioning. Finding and addressing dead or orphaned accounts also falls to the IT team, and the process can take a significant amount of effort if a company has recently undergone a change in staffing.
Handling these responsibilities leaves little time to evaluate risk levels, address security alerts and launch protective measures against potential breach activity. Today’s IT professionals need the help of automated IAM systems with intelligent monitoring and controls to ensure the highest level of protection.
Scale is Becoming a Problem
The growth every business owner works for can become a nightmare if it outpaces the capabilities of a legacy IAM system. Limitations restrict functionality, and a complete upgrade may be the only choice for expansion. Failing to implement a new solution can lead to sluggish logins and slow system responses, which can spark frustration among users and drive down productivity.
Legacy systems may also put a cap on the number of applications a business can deploy. As competitors adopt newer and more powerful solutions, companies relying on outdated IAM platforms run the risk of falling behind. Restricted accessibility may also minimize options for mobile and remote workers and put limits on employees who desire flexibility.
Compliance is Threatened
Modern privacy regulations demand detailed network audit information and strong security protocols to keep data safe. Companies in industries with strict laws dictating the protection of highly sensitive information, such as health records or financial data, need IAM solutions with detailed monitoring and reporting tools. Adding a custom solution to an existing system in the interest of remaining compliant takes undue time and resources and puts more stress on overworked IT teams.
Newer Technology is Available to Upgrade IAM Systems
Holding onto legacy systems makes little sense when numerous cloud IAM solutions are available for businesses of all sizes. Artificial intelligence and machine learning make these tools faster, smarter and more adaptable than legacy IAM, which allows businesses to fine-tune access control policies for better management of all identities. Options like self-service password resets offload some of the burden from the IT department by putting minor administrative tasks in users’ hands, and improved authentication increases security across platforms and applications.
Updating IAM systems isn’t a task to be put on the back burner. IT teams should be consistently evaluating current IAM tools and solutions for shortcomings, flaws and vulnerabilities and making recommendations to strengthen network security. Creating a more agile system protects data in a changing threat landscape and allows businesses to adapt with ease as new threats appear.
As the definition of “identity” expands beyond human identity to include devices, animals, robots, and applications, we need to recognize why identity and access management is important and reassess our identity management practices. Additionally, the increasing number of distributed cloud systems, BYOD, remote workers, IoT devices, and data breach cases requires a smarter approach to identity and access management, one that leverages new technologies in authentication and artificial intelligence with machine learning to address system intrusions and data breach detection.
Many in the cybersecurity industry are recognizing the importance of identity and access management while risks continue to evolve worldwide as new threats, solutions and laws are introduced. Specifically, cyber crime, identity theft, fraud, and incidents of data breach are on the rise and global governments are scrambling to address privacy of consumers and manage risks through regulations.
Below is a list of reasons why identity and access management is important to the cybersecurity, data protection and privacy industries:
Definition of the Term “User”
As mentioned, the complexity of managing a multitude of identities which need to be connected and have access to resources requires advanced IAM capabilities to validate access requests, grant the most appropriate access, and monitor activities to detect anomalies and prevent data breaches. The term “user” referred to humans in the past, but the definition now goes beyond humans to include robots, applications, and Internet of Things (IoT) devices. One of the main objectives of IAM is to make sure authorized users have the appropriate access to the right resources at the right time as quickly as possible. This is why proper onboarding, access provisioning, and offboarding are so important to ensure continued and efficient security without hiccups.
Offboarding is a high-risk area because managers do not have the same incentive to offboard contractors and temps as they do to onboard them. Managing employees and their access may be more straightforward, as they are often tied to the payroll system, which is integrated with the central identity directory and has tighter controls than other systems. Yet if some systems are not integrated with the central identity directory, removing a user from the directory will not trigger the removal of the user from all systems, which is why offboarding is much more important.
Offboarding is a “silent” process according to Henry Bagdasarian, which means no one complains when a user is not removed from the system until it is discovered during an audit or incident. Onboarding, however, is not a silent process, as users and managers will complain about not having access to desired systems and data.
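The offboarding gap described above, and the orphaned-account cleanup mentioned earlier under automation, can be checked by reconciling each system's account list against the central directory. The following is an added example, not code from Identity Management Institute; the directory export, system names, account names and the 90-day dormancy threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: central directory export (identity -> status).
DIRECTORY = {
    "alice@example.com": "active",
    "bob@example.com": "disabled",        # offboarded in the directory
    "svc-backup@example.com": "active",   # non-human identity
}

# Constructed per-system exports: (account, enabled, last_login).
SYSTEMS = {
    "payroll": [("alice@example.com", True, date(2024, 5, 30))],
    "legacy-crm": [  # assumed NOT integrated with the directory
        ("Bob@Example.com", True, date(2024, 1, 12)),
        ("temp.contractor@example.com", True, date(2023, 11, 2)),
        ("alice@example.com", True, date(2023, 9, 1)),
    ],
}

def find_offboarding_gaps(directory, systems, today, dormant_days=90):
    """Return sorted (system, account, reason) findings for review."""
    # Normalise case and whitespace so "Bob@Example.com" matches its identity.
    known = {k.strip().lower(): v for k, v in directory.items()}
    findings = []
    for system, accounts in systems.items():
        for account, enabled, last_login in accounts:
            if not enabled:
                continue  # already deprovisioned in this system
            key = account.strip().lower()
            status = known.get(key)
            idle = (today - last_login).days
            if status is None:
                reason = "orphaned: no directory identity"
            elif status != "active":
                reason = "directory identity disabled, account still enabled"
            elif idle > dormant_days:
                reason = f"dormant: no login in {idle} days"
            else:
                continue
            findings.append((system, key, reason))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_offboarding_gaps(DIRECTORY, SYSTEMS, date(2024, 6, 1)):
        print(*finding, sep=" | ")
```

Run on a schedule, a report like this surfaces the accounts that the "silent" offboarding process would otherwise leave until an audit or incident.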
User Access Risks
Users who have system and data access are often targets of phishing attacks to steal their credentials. More specifically, privileged users who have elevated access are prime targets of cyber-criminals seeking to access high-value systems, data, and transactions such as invoicing, procurement, and payments. Stealing existing access is much easier when targeting naive users than trying to hack into systems. This is because all of our high-tech security investments cannot prevent a data breach when an authorized user's access is stolen and used consistent with the user’s usual activities to evade anomaly detection.
When applied properly, advanced identity and access management tools can help detect suspicious activities quickly whether they are committed by external or internal criminals. In fact, insiders who have highly privileged access pose the greatest risks as they may be disgruntled or have financial problems, therefore have the incentive and opportunity to commit a perfect crime. Highly technical users who have privileged access can also cover their tracks by modifying system logs.
Sometimes, users also make mistakes and errors which can also be mitigated with IAM tools and education. Identity and access risk awareness education is very important to prevent hackers from stealing user credentials.
Another reason why identity and access management is important in cyber security is because organizations must comply with increasing, complex and distributed regulations, and they must ensure and demonstrate an effective customer identification process, suspicious activity detection and reporting, and identity theft prevention. Identity and access management solutions can be leveraged to manage various regulatory requirements such as having a Customer Identification Program (CIP), Know Your Customer (KYC), monitoring for Suspicious Activity Reporting (SAR), and Red Flags Rule for identity fraud prevention.
Identity and Access Management is extremely complex and critical in managing security risks. Although technology is an important part of identity and access management which can be leveraged to support an organization’s cybersecurity objectives and strategy, effective IAM also requires processes and people for user onboarding and identity verification, granting and removing access, detecting suspicious activities, and keeping unauthorized users out of the systems. IAM can help organizations achieve operating efficiency and optimal security through state of the art technology and automation such as adaptive, multi-factor, and biometric authentication.
As companies become more aware of the urgent need for managing security risks through identity and access management, the need to deploy systems, design processes, and employ skilled staff also becomes apparent.
Rising cyberattack frequency and costs point to the need for a better approach to security. Attacks occur an average of once every 39 seconds, and the cost of a breach could exceed $150 million by 2020. Although businesses and organizations are aware of these threats, it still takes about six months to detect breach activity. Long delays between initial network compromise and security responses allow hackers to make off with large amounts of data, as was seen in the 126% jump in the total number of records stolen between 2017 and 2018.
Recent news shows no company, service or even country is safe from attack, but some promising changes in security programs and cybersecurity tools indicate an increasing understanding of threats and the steps necessary for prevention.
Creative Cloud Compromise
A “misconfigured” prototype environment is likely to blame for a breach at Adobe, which exposed information from almost 7.5 million Creative Cloud accounts to the public. The open database was discovered on October 19 and could have been exposed for a week or more. No names, passwords or credit cards were compromised, but hackers could have gotten their hands on email addresses, member IDs, product subscription information, payment status and other details.
The breach could have wide-ranging effects if hackers use email addresses and member IDs to launch phishing attacks in an attempt to collect passwords from unsuspecting Adobe subscribers. Replying to these emails and sharing credential information puts users’ accounts at risk and may open the door for more malicious activity in the future.
Widespread Cyberattack Hits Multiple Targets Around Georgia
Over 2,000 websites were compromised in an attack in Georgia on the afternoon of October 28, including those of the country’s president, various courts, businesses, newspapers and media outlets. An additional 15,000 pages hosted by Proservice were also affected when the web hosting company was hit by the breach. The attack replaced many website home pages with an image of former Georgia president Mikheil Saakashvili standing in front of a banner bearing the words “I’ll be back.”
Georgia’s national TV station, Imedi TV, suffered a blackout as a result of the attack, and some computer systems remain compromised. Imedi stations and those of Maestro, another major broadcaster, went off the air, leaving the country’s residents without access to normal programming. Known vulnerabilities and a lack of strong cybersecurity may have contributed to the country-wide breach. The source of the attack is unknown, although some are pointing the finger at Russia as investigations continue.
Artificial Intelligence in Cybersecurity: Where to Now?
New and more complex forms of cyberattacks are allowing hackers to surpass the abilities of human IT teams to detect and respond to malicious activities on enterprise networks. In an ideal cybersecurity environment, systems would make use of predictive measures to create defenses against breaches before attacks occur. With artificial intelligence (AI), this model is closer to becoming a reality.
AI systems can use machine learning to track activity and create detailed profiles of users and how they interact with networks. By monitoring across the entire user lifecycle, AI tools can identify who accesses a network at what times, the actions they typically perform and the devices they prefer to use. This expands cybersecurity far beyond pre-determined parameters and single devices to create a holistic approach enterprises can use to enhance security protocols and respond to a diverse range of threats.
Using known breach characteristics to build data sets feeds more information into AI systems and increases the sensitivity of both monitoring and detection, which increases the accuracy of risk level predictions and enables dynamic responses when malicious activity is discovered. However, because the technology can still be subject to errors, AI can’t replace human teams entirely. It’s best used as an additional tool to improve threat hunting, speed up incident responses and minimize false positives so that IT teams can focus on bigger security issues.
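The per-user profile described above (who accesses the network, at what times, with which actions and devices) can be illustrated with a simple baseline-and-score check. This is an added example, not code from Identity Management Institute; it uses a plain set-membership baseline as a stand-in for a trained ML model, and the identities, devices, actions and one-hour tolerance are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample history: (identity, hour_of_day, device, action).
HISTORY = [
    ("alice", 9, "laptop-01", "read_invoice"),
    ("alice", 10, "laptop-01", "read_invoice"),
    ("alice", 14, "laptop-01", "approve_payment"),
    ("alice", 11, "phone-07", "read_invoice"),
    ("svc-report", 2, "batch-host", "export_report"),  # non-human identity
]

def build_profiles(history):
    """Collect the hours, devices and actions seen for each identity."""
    profiles = defaultdict(
        lambda: {"hours": set(), "devices": set(), "actions": set()}
    )
    for identity, hour, device, action in history:
        p = profiles[identity]
        p["hours"].add(hour)
        p["devices"].add(device)
        p["actions"].add(action)
    return dict(profiles)

def score_event(profiles, event, hour_slack=1):
    """Return (score, reasons); each unfamiliar attribute adds one point."""
    identity, hour, device, action = event
    p = profiles.get(identity)
    if p is None:
        return 3, ["no baseline for identity"]
    reasons = []
    # Circular distance, so 23:00 and 00:00 count as one hour apart.
    nearest = min(min(abs(hour - h), 24 - abs(hour - h)) for h in p["hours"])
    if nearest > hour_slack:
        reasons.append("unusual hour")
    if device not in p["devices"]:
        reasons.append("new device")
    if action not in p["actions"]:
        reasons.append("new action")
    return len(reasons), reasons

if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    print(score_event(profiles, ("alice", 3, "unknown-pc", "approve_payment")))
```

An event that matches the baseline on all three attributes scores 0, which is why a check like this supports human review and strong authentication rather than replacing them.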
Although $6 trillion in global cybersecurity spending is projected for 2021, 77% of organizations still lack cybersecurity incident response plans. The continued shortage of cybersecurity professionals presents a challenge for those seeking to develop and implement better solutions. Properly addressing threats, securing systems and leveraging the power of AI requires a detailed security plan and the help of a professional IT team to meet the evolving security needs of enterprises and government agencies.
Identity Management Institute® (IMI) is the leading global certification organization serving professionals in identity governance, access management, and data protection.
Since 2007, IMI certifications have helped global members advance in their careers and gain the trust of the business communities they serve with their identity and access management skills.