Intelligent Tech Channels Issue 05 | Page 39

INTELLIGENT ENTERPRISE SECURITY
need to be managed securely. As well as exposing organisations to increased risk of a breach, multiple identity siloes can create a compliance nightmare if named users cannot be associated with related activity, access controls and role-based privileges.

The growth of cloud, virtual and now Internet of Things systems will only continue to escalate these challenges. And they could have a catastrophic impact if not properly managed. The coming European General Data Protection Regulation, for example, will levy fines of up to 4% of annual global turnover for serious privacy breaches. That is not to mention the impact of reputational damage on customer churn and share price. It is no surprise that the average cost of a data breach to UK firms stood at over £2.5m last year.

IT leaders therefore need to focus on improving the maturity of their Identity and Access Management programmes. Try minimising the number of privileged accounts in the organisation. This can be done quite simply and will start the process of reducing your attack surface. By limiting lateral movement inside the organisation and enforcing a least privilege approach – that is, granting users only enough privileges to do their job and no more – you can make it harder for attackers to accomplish their goals. For example, by restricting user access to specific systems and even within those systems to specific commands, it becomes more difficult for hackers to find the handful of IT staff with the right privileges they need to access targeted data. Also, consider automated systems to provision and de-provision privileges for specific limited time periods – further restricting access to users, and therefore any attackers that might be inside your network. Monitoring and logging those privileged accounts is also a great way to spot any unusual activity and enforce best practices of Identity and Access Management.

But we need to go further.

In a world where passwords are susceptible to compromise and have grown to the point where they can no longer be managed effectively, organisations must look to Multi-Factor Authentication. This is an easy win for IT leaders looking to improve Identity and Access Management as it adds an extra layer of security at log-in – typically through biometrics or a one-time generated passcode.

KEY TAKEAWAYS
• A risk-based approach takes account of geographic location, role, and past behaviour to enforce Multi-Factor Authentication when log-in attempt is assessed as high risk.
• By limiting lateral movement inside the organisation and enforcing a least privilege approach, you can make it harder for attackers to accomplish goals
• By restricting user access to specific systems and within those systems to specific commands, it becomes difficult for hackers to find IT staff with right privileges they need to access targeted data
• CIOs, CISOs are responsible for complex IT environments, multiplying volume of passwords that need to be managed securely
• Consider automated systems to provision and de-provision privileges for specific limited time periods restricting attackers inside your network
• Forrester claims organisations with highest Identity and Access Management maturity suffer half the number of breaches experienced by the least mature
• Forrester estimates that 80% of breaches involve administrator log-ins
• Nearly two-thirds 63% of data breaches involve weak, default, stolen passwords, according to Verizon
• Privileged account credentials, such as those belonging to IT administrators, are particularly highly prized as they can offer access to highly sensitive IP and customer data
Try combining this with Single Sign-On, designed to improve the user experience by consolidating access across multiple systems. Single Sign-On will also help reduce identity siloes and therefore improve visibility and compliance efforts. Ally this to a risk-based approach, which will take account of various factors such as the user's geographic location, role, and past behaviour to only enforce Multi-Factor Authentication when the log-in attempt is assessed as high risk. This makes the whole process even more straightforward and friction-free for the user whilst maintaining maximum security for the organisation.
The results speak for themselves. Forrester claims that organisations with the highest Identity and Access Management maturity suffer half the number of breaches experienced by the least mature. This could have a very real impact on the bottom line, by saving an estimated 40% in technology costs and an average of $5m in breach costs.
It is time to stop throwing money away on security investments and get to the heart of the problem, by rethinking how you authenticate and manage your users.
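The risk-based decision described above, as an added Python example that is not from the article or from any vendor's product. The weights, the threshold, the `it_admin` role name and the sample log-ins are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Weights, threshold and role names are illustrative assumptions.
PRIVILEGED_ROLES = {"it_admin"}
MFA_THRESHOLD = 50

@dataclass
class History:               # past behaviour recorded for one user
    countries: set           # countries seen in earlier log-ins
    usual_hours: range       # hours of day the user normally logs in
    last_country: str
    last_login: datetime

@dataclass
class Attempt:
    user: str
    role: str
    country: str
    when: datetime

def risk_score(a, h):
    """Score one log-in attempt on location, role and past behaviour."""
    if h is None:            # no baseline to compare against: high risk
        return 100, ["no login history"]
    checks = [
        (a.country not in h.countries, 50, "country not seen before"),
        (a.country != h.last_country
         and abs(a.when - h.last_login) < timedelta(hours=2), 40,
         "country changed within 2h of last login"),
        (a.when.hour not in h.usual_hours, 15, "outside usual hours"),
        (a.role in PRIVILEGED_ROLES, 35, "privileged role"),
    ]
    hits = [(w, why) for cond, w, why in checks if cond]
    return sum(w for w, _ in hits), [why for _, why in hits]

def decide(a, h):
    """Require MFA only when the attempt is assessed as high risk."""
    score, reasons = risk_score(a, h)
    return {"user": a.user, "score": score,
            "require_mfa": score >= MFA_THRESHOLD, "reasons": reasons}

# Constructed sample data: one shared baseline, three log-in attempts.
BASE = History({"GB"}, range(8, 19), "GB", datetime(2024, 3, 5, 9, 0))
for att in (Attempt("alice", "sales", "GB", datetime(2024, 3, 5, 10, 0)),
            Attempt("alice", "sales", "FR", datetime(2024, 3, 5, 10, 0)),
            Attempt("bob", "it_admin", "GB", datetime(2024, 3, 6, 3, 0))):
    print(decide(att, BASE))  # reasons list doubles as an audit record
```

With these weights a routine log-in passes without a prompt, while a new country or an administrator logging in at an unusual hour triggers the second factor, and the recorded reasons feed the privileged-account monitoring the article recommends.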
Kamel Heus is Regional Manager for Middle East and Africa at Centrify