Peeling back the layers of identity and access management
In cybersecurity, there is no one-size-fits-all solution. When it comes to identity and access management, the set of practices, policies and procedures that an organisation decides to put in place, as well as the software solutions it chooses to utilise, need to be tailored to its specific needs. Often, however, businesses either fail to see the value of their digital assets and underestimate their need for proper identity and access management or end up choosing solutions that are inordinately complex and expensive relative to the types of data they are protecting and the risk they are facing.
For this reason, here is an easy to understand guide of some of the possible IAM functions that organisations should adopt, alongside a little insight into the sometimes-daunting lingo of identity access management.
Identity governance and administration (IGA)
IGA is the umbrella term used to describe all the IAM measures taken by an organisation to ensure that users have the right access and to prove that said access is correct. Good IGA means that an organisation has control over all its identities and the access they enable, including access to applications, data and privileged accounts. The benefits of maintaining solid governance over access are reduced risk and increased control on for on-premises, hybrid or cloud networks.
Username and password
Simple username/password combinations are one of the least secure forms of authentication. Yet many organisations still employ them due to the expense and complexity often required to implement stronger forms of authentication.
Many businesses sometimes think the information they store would be of little interest to cybercriminals; however, a breach to their systems could not only be of great value to hackers but could also open up much wider networks – such as that of its clients and suppliers - to criminal activity.
To discourage simple user/password authentication measures, the state of California has recently approved a bill that will ban simple log-in credentials (such as the combination admin/password) from 2020. The rule will apply to manufacturers, who will have to devise a more secure approach for the products and gadgets they distribute, which often have basic passwords based on default factory settings. The law will demand that each internet-connected device comes with a unique password or a start-up procedure that allows users to set up their own log-in credentials.
Active Directory (AD)
Perhaps the biggest burden on helpdesks is the relentless need to help users reset passwords and unlock accounts when they’ve forgotten them. Trends towards stronger password policy and greater emphasis on securing these credentials have only exacerbated the problem. However, there are tools that can greatly reduce the number of helpdesk calls by providing self-service functions for regular and ad-hoc password changes, ensuring that the process is secure.
Role-based provisioning and access control
Used by the majority of organisations with more than 500 employees, role-based access control (RBAC) is an approach that restricts system access to authorised users based on their role within the organisation (or Group membership in AD). It is based on provisioning different levels of access to applications and data based on the role. The provisioning of permissions happens automatically, drawing information on people’s duties from an authoritative data source such as the HR system.
Multifactor authentication (MFA)
Multifactor authentication (MFA) has been applied to many consumer products, such as email, mobile phones and bank accounts to provide an additional layer of security on top of the traditional username and password login. It is also a valuable tool for enterprise identity access management, as easy-to-use solutions have been developed to ensure that the authentication process doesn’t slow down productivity. Smartphone-based approval and fingerprint recognition are just two examples of how organisations can effectively implement a further layer of security without it becoming an impediment to employees.
Privileged password management
As most systems have an all-powerful, and often shared administrative login, it is wise to add secure management of privileged credentials to the IAM mix. Privileged password management can be added as an additional layer of security. Privileged password management tools store passwords in a secure vault, issue them as needed according to pre-established workflows and approval paradigms, and rotate them in pre-set intervals.
Privileged session management
When coupled with privileged password management, privileged session management allows organisations to control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users. Session recordings are particularly important for forensic IT, as they allow organisations to track suspicious activity happening in their systems.
Recently, regulators have started to put pressure on enterprises to record sessions that require privileged access, which will draw more attention to this kind of solution. Combined with MFA and privileged password management, privileged session management greatly increases the security of an organisation’s identity access policies.
Privileged behaviour analytics
Another valuable tool in IT forensics, privileged behaviour analysis allows organisations to single out suspect behaviours and to uncover threats coming both from inside and outside organisations. The user behaviour analytics technology can detect anomalies and rank them based on their risk level, enabling businesses to prioritise their threat response and take appropriate action. Combined, data from privileged account analytics and other sources - such as system and audit logs and session data - can further strengthen an organisation’s privileged access management standpoint and make the enterprise’s PAM portfolio complete.
With no scarcity of cyber threats in sight, building a cybersecurity strategy that implements the many facets of IAM is an essential way to prepare. Identity is swiftly becoming the new perimeter within organisations as attackers determine the fact that they are more likely to breach individuals often seen to be the path of least resistance into enterprise networks. Getting Identity and access management right is key to limiting the potential damage that attackers can inflict on organisations, while also reducing the threat from malicious insiders.
Industry: Cyber Security News
- Outside IR 35 CONTRACT SC CLEARED Cyber Security Operations Analyst SPLUNK ES- UK REMOTE- £500 a day.
6 month contract Outside IR35 Operational Cyber Security Analyst. Hands on Splunk Security Enterprise and Security clearance is required As is someone that holds SC clearance. SOC and Vulnerability management experience. Vulnerability Analysis / Management - Tenable
- SailPoint Consultant
- Upto €80,000
SailPoint Consultant is need for this rapidly expanding global business, The business is currently in the middle of a SailPoint Deployment, they require an experienced Consultant who is able to help them on this Journey You will be responsible for helping to configure and deploy SailPoint as well as on board applications onto the platform You will also work with the business to understand workflow and process to help align the way the business works to ensure that the business gets the most from the deployment We are looking for an experienced SailPoint consultant who has experience with both Deployment and BAU work and is interested in joining a business which is at the start of an interesting IAM Journey
- SOC Manager Security Operations. SIEM, Threat / Vulnerability, IR, SOC Service- Exclusive
- United Kingdom
SOC Manager- SIEM, Threat / Vulnerability, Incident response. Exclusive Project. Management and on growth growth of Security Operations Centre capability. Managing and maturing the team, technical services line and fronting client engagements where needed. An in-depth technical background is essential, experience across SOC SIEM/ Threat Hunting (IR) tools, processes, techniques, operational is a MUST. The role will include, but not limited to; evolving the technical process, building operational capability, managing and hiring team, involved at a high level overviewing policy/playbooks, fine turning of the go-to-market collateral etc.
- Contact 12 month- Security Operations- Tanium Engineer / Analyst.
- United Kingdom
- Dependent on experience
Security Operations engineer / Analyst with Tanium for a 12 month contract. Experience configuring using, managing, supporting troubleshooting Tanium's suite of end point solutions is essential. The opportunity is due to a client expanding its international capability to a follow the sun model. To be involved in spinning up a European capability. Based in the UK. English essential and ideally being fluent in French.