Cloud computing and powerful portable devices have changed the way we work
The challenges of the past 18 months have shown how strong these innovations are.
However, the shift to new ways of working comes with an increase in security threats and a riskier business climate. Companies of all sizes must consider information security as a central pillar of their business operations.
The cloud is no exception. Moving to the cloud can actually improve security as cloud providers can focus their investments on protecting data. However, CISOs need to develop a consistent approach to cybersecurity across local, hybrid and cloud systems.
Digital technology, digital identity
Few, if any, companies can function without their applications and data. But this also opens up new ways for criminals, state actors and hacktivists to do business. Organizations rely on three pillars to protect their data: confidentiality, integrity, and accessibility. Maintaining these is of central importance in order to reduce risks for the company and at the same time ensure correct access for employees and partners. Security must adapt to new business practices and changing threats.
Strong identity, governance, and management policies are cornerstones of good security. High profile cybersecurity incidents, from ransomware to supply chain hacks, have often taken advantage of inadequate identity and access management processes.
Some of the most well-known attacks on records were made possible not because of an obscure zero-day vulnerability exploited by a nation-state, but rather because of something as simple as a compromised orphaned account that resulted in unauthorized access to a computer system and privileges, or escalation a sideways change from an insecure platform to a high-quality system.
To protect themselves against this, organizations need to know who has been given access to systems and applications – and ensure that access is revoked when it is no longer needed. A strong IGA system helps here. However, it is not the whole picture.
New risks, new threats
As the global pandemic drove the large-scale shift to remote working, remote workers have become attractive targets for malicious hackers because they are outside the corporate firewall and, perhaps more importantly, away from the security culture that comes with working in the Office goes hand in hand.
Switching to online office suites is just another area that criminal hackers exploit, for example through fake login dialogs for authentication. And attackers use technologies like artificial intelligence and machine learning to break through existing security measures. AI-based attacks are designed to mimic human behavior and evolve over time. This âarmed AIâ could even use information in the public domain to learn how to target an organization and bypass its defenses.
To successfully mitigate these attacks, you need to revisit identity and access management tools. Should multi-factor authentication be required sooner and more often? Should network access be limited to company-owned devices, or should access be limited to specific business hours or regions? Should access to critical systems and sensitive data expire automatically or should it only be granted on a task-related basis? These are key questions for both the CISO and the business users they support.
Use identity to stay ahead of threats
Restricting access to systems reduces risk but comes at a cost. Set the bar too low and the organization is vulnerable; Setting it too high can affect both efficiency and security as users may use unauthorized systems or âshadow ITâ to get their jobs done.
However, there are ways to balance security, compliance, and efficiency. More and more CISOs are looking for zero trust as a way to future-proof systems against new threats. But Zero Trust relies on robust identity systems.
There are other steps companies can take, such as: B. Investing in Identity Management Automation. This will significantly reduce the effort and friction for business users through security measures such as multi-factor authentication or time-limited access to critical systems.
This could include restricting access to certain devices, restricting access times during the day, and enforcing multifactor authentication (MFA) based on behavior.
In the past, attackers have focused on gaining high-level access to user or administrator accounts. However, companies have taken steps to harden administrator accounts and train their users in cybersecurity.
With the growth of the cloud and remote working, compromising knowledge workers has proven easier, allows access to valuable data, and offers more targets for attack. In addition, knowledge workers are not as security conscious as administrators. Companies therefore need a scalable Identity Governance and Administration (IGA) system.
Investing in IAM for end-to-end automation simplifies security and access compliance and reduces routine administrative tasks. Today, however, CISOs and boards of directors look beyond identity management. IGA is central to the discussion about security and governance.
Investing in IGA, and especially in technologies that include cloud technologies, will protect identities, improve efficiency, and make it easier for employees to keep track of business processes. Well done, it helps keep security centered on business.
About the author
As Vice President of Product Strategy at Omada, Rod Simmons offers visions of where the IGA market is headed and how Omada will maintain a leadership position. Rod works closely with the product teams and the chief technology officer to define Omada’s vision and goals to achieve the goals. As a 20-year-old industry veteran, he has a passion for innovation and software design. He has extensive experience in the development and development of cutting-edge products and technologies. Prior to Omada, Rod worked at Stealthbits, BeyondTrust, and Quest Software. During his tenure, he was Vice President of Product Strategy, Director of Product Management and Director of Solution Architects, respectively.
Selected image: Â© BillionPhotos