The Critical Future of Identity and Access Management
By Joseph Carson, Chief Security Scientist, Thycotic
The traditional security perimeter is proving that it is no longer an effective cyber security control and fast growing technologies like Cloud, Mobile, and Virtualization make the boundaries of an organization blurry. For many years, organizations have protected their valuable and sensitive information by building a fence around those assets and all the data that flowed in and out of that organization was either via a single internet access point or on physical devices. That meant that a traditional perimeter was an effective measure because the boundaries were known. As long as the internet access was controlled by the data that flowed through it, it was possible to protect, monitor, and control that data. Organizations protected the internet access with firewalls, VPNs, access controls, IDS, IPS, SIEM, email gateways, and so forth, building multiple levels of security on the so-called perimeter. The non physical devices, systems management, and antivirus protected those systems and kept them updated with the latest security patches. This is a traditional security approach that has been used for almost 30 years, but in today’s world it is no longer effective alone.
Technology has significantly changed the world. In the past 10 years, we have seen the physical boundaries of an organization almost completely disappear. This has been a result of mobility and connectivity with almost every person in an organization becoming an internet access point. With the ability to simply connect their mobile devices together and enable a personal hotspot, the method to control the perimeter became much more difficult. At an average transfer speed of 50MB per second a person could transfer almost 600GB of data out of an organization within a day via a connection that is not being monitored or secured. This leaves us with the question-what is the size of your data vaults that contain sensitive data? This, in combination with Cloud and Virtualization, makes data today so much more transportable than ever before with data moving at fast transfer rates and more cloud services allowing data to be processed and easily stored in the cloud. With these evolutions and technological advancements, the traditional perimeter needs to also evolve.
“In the vast majority of breaches, more than 62 percent of cyber incidents, stolen identities, credentials, and privileged accounts continue to be the
prime target for hackers”
If we look at all of the cyber breach reports the past year–we can see that it has been busy for cyber criminals, with public reports describing more than 500 data breaches and more than 500 million records exposed in 2015. This includes the disclosure of 21 million U.S. Office of Personnel Management records, 70 million medical records at Anthem, and 37 million user details at Ashley Madison.
So why do we continue to see so many cyber breaches? If we look at why many of the cyber breaches in the past year have occurred, it comes down to three major factors that can be categorized into Human Factor, Identities and Credentials, and Vulnerabilities. With the digital social society, we are sharing more information, ultimately causing ourselves to be much more exposed to social engineering and targeted spear phishing attacks with the ultimate goal to compromise our systems for financial fraud or steal our identities in order to access the company we are entrusted with protecting. When our identities are stolen, it provides the attacker with the ease of bypassing the traditional security perimeter undetected and if that identity has access to privilege accounts they can easily carry out malicious activity that can sometimes go undetected for more than 200 days or until the malicious activity has already occurred.
In the vast majority of breaches, more than 62 percent of cyber incidents, stolen identities, credentials, and privileged accounts continue to be the prime target for hackers because they unlock the access required to exploit virtually any part of an organization’s network, including critical and sensitive data. Hacking privileged credentials can mean the difference between a simple perimeter breach and one that could lead to a cyber catastrophe. Once attackers gain access, they can escalate their privileges and move through networks to identify and compromise confidential information or use Ransomware to encrypt critical business data.
In today’s world where organizations can no longer rely on the traditional security perimeter as the only cyber security measure, it is ultimately important that the new cyber security perimeter is with the Identity and Access of the employee. This is the new and next generation security perimeter that can be effective in a world where systems and data can be located anywhere and be accessed at any¬time as long as the identity and access can be validated and trusted. We can see successful implementations where even countries like Estonia have taken an approach to enable citizens and the government to be able to interact seamlessly via digital identities which allow Estonian citizens to vote, bank, and file taxes from any location in the world. It also enables Estonia to introduce the world’s first E-Resident program. Organizations can take similar approaches by embracing Identity and Access Management as the way to protect their data and systems. This can be done by taking an approach at securing the digital identities, using multifactor authentication, securing privileged access and data, and continuously checking the reputation and behaviour of those identities. This ultimately moves the focus to the data and the system or person who needs access to it and not the so-called traditional security perimeter.
An effective policy and approach on Identity and Access management can help a company accelerate new technology adoptions and at the same time help avoid becoming the next victim of cyber crime.
Where can you start to get ahead? Here’s a list to get you in the right direction:
1. Educate key stakeholders on Identity Access Management
2. Discover Identities and Privileged Accounts
3. Automate the management and security of privileged accounts
4. Adopt and implement policies
5. Get better visibility of Identity and Privilege Account usage and compliance.
Operating since 1996, Thycotic is an IT security company based in Adelaide, Australia which prevents cyber attacks by securing passwords, protecting endpoints, and controlling application access.