[Cyber Security Whitepaper] Moving Towards an Identity-Centric Security Strategy
Cybercrime continues to increase unabated and at a torrid pace. In 2016, according to the Ponemon Institute, the estimated average cost of a data breach for an organization was $4 million. That cost increases the longer it takes the organization to detect and contain the breach. A breach also has an increasingly negative effect on the organization’s reputation.
At this point, a breach is almost inevitable. The number of attacks continues to rise, and attacks have become more sophisticated and more difficult for cyber security professionals to keep up with. Social engineering (mainly phishing) is still a commonly used approach for exposing weak, default, or stolen passwords, and per the 2016 Verizon breach report, compromised credentials account for 63% of those breaches.
This increase is happening in spite of historically high spending on security technologies and staffing. Traditionally, IAM solutions have done a very good job of aggregating information on who has access to what resources and using certification processes to validate what access is appropriate for a user’s job responsibilities. However, less time has been spent on what a user has been doing with those resources. In comparison to their peer group, is a user behaving the same or differently? Indicators of behavior might include the types of devices being logged into, where, and when. They might also include the types of data being accessed and where that data is being moved to.
Identity Governance and Administration (IGA) Solutions
Similarly, Identity Governance and Administration (IGA) solutions have done a very good job of aggregating and reporting on “static” information. They can show who has access to what and provide an environment for that access to be validated through a certification process. Historically, however, IGA / IAM systems have not been able to report on what users are doing with their access. Today, IGA systems are providing “dynamic” reporting on what a user is doing with the resources they have been granted access to.
The Importance of User Behavior
As an IAM specialist, I need to help organizations ensure that their users are behaving appropriately within their environment. This requires new ways not only to collect data, but also to protect it, analyze it, and put it into the appropriate context.
- It requires the marriage of User and Entity Behavior Analytics (UEBA) with IAM data.
- Maximizing existing technology investments that have been made in solutions like Identity & Access Governance (IAG), Data Loss Prevention (DLP), Privileged Access Management (PAM), Multi-Factor Authentication (MFA) and more.
- Re-evaluation of organizational processes to ensure they are effective and encourage good IAM security habits.
The integration of historically isolated IAM data repositories with cohesive “detect and protect” tools for anomalous behavior, and automation of remediation actions to mitigate the consequences of a breach will be vital to protecting identities. IAM is no longer an important sideshow. It is moving to the center of an organization’s security program.
Identity at the Center
The traditional enterprise perimeter is gone. You may have heard this before, but identity is the new perimeter, and it should be at the center of your security approach. Identity follows people and devices and requires new tools, like UEBA, integrated with existing tools, like IAG, PAM, DLP, and MFA, to effectively and proactively mitigate costly impacts to an organization.
Organizations are already starting to adopt this new approach to IAM programs. Identropy has recently published a whitepaper, Towards an Identity-Centric Security Strategy, that details this fundamental shift in the Identity and Access Management space and explains how an organization can start to close its gaps on the way to a more secure environment. Give us a shout if you would like to talk more about this approach.