Peeling back the layers of identity and access management
.jpg)
In cybersecurity, there is no one-size-fits-all solution. When it comes to identity and access management, the set of practices, policies and procedures that an organisation decides to put in place, as well as the software solutions it chooses to utilise, need to be tailored to its specific needs. Often, however, businesses either fail to see the value of their digital assets and underestimate their need for proper identity and access management or end up choosing solutions that are inordinately complex and expensive relative to the types of data they are protecting and the risk they are facing.
For this reason, here is an easy to understand guide of some of the possible IAM functions that organisations should adopt, alongside a little insight into the sometimes-daunting lingo of identity access management.
Identity governance and administration (IGA)
IGA is the umbrella term used to describe all the IAM measures taken by an organisation to ensure that users have the right access and to prove that said access is correct. Good IGA means that an organisation has control over all its identities and the access they enable, including access to applications, data and privileged accounts. The benefits of maintaining solid governance over access are reduced risk and increased control on for on-premises, hybrid or cloud networks.
Username and password
Simple username/password combinations are one of the least secure forms of authentication. Yet many organisations still employ them due to the expense and complexity often required to implement stronger forms of authentication.
Many businesses sometimes think the information they store would be of little interest to cybercriminals; however, a breach to their systems could not only be of great value to hackers but could also open up much wider networks – such as that of its clients and suppliers - to criminal activity.
To discourage simple user/password authentication measures, the state of California has recently approved a bill that will ban simple log-in credentials (such as the combination admin/password) from 2020. The rule will apply to manufacturers, who will have to devise a more secure approach for the products and gadgets they distribute, which often have basic passwords based on default factory settings. The law will demand that each internet-connected device comes with a unique password or a start-up procedure that allows users to set up their own log-in credentials.
Active Directory (AD)
Password self-service
Perhaps the biggest burden on helpdesks is the relentless need to help users reset passwords and unlock accounts when they’ve forgotten them. Trends towards stronger password policy and greater emphasis on securing these credentials have only exacerbated the problem. However, there are tools that can greatly reduce the number of helpdesk calls by providing self-service functions for regular and ad-hoc password changes, ensuring that the process is secure.
Role-based provisioning and access control
Used by the majority of organisations with more than 500 employees, role-based access control (RBAC) is an approach that restricts system access to authorised users based on their role within the organisation (or Group membership in AD). It is based on provisioning different levels of access to applications and data based on the role. The provisioning of permissions happens automatically, drawing information on people’s duties from an authoritative data source such as the HR system.
Multifactor authentication (MFA)
Multifactor authentication (MFA) has been applied to many consumer products, such as email, mobile phones and bank accounts to provide an additional layer of security on top of the traditional username and password login. It is also a valuable tool for enterprise identity access management, as easy-to-use solutions have been developed to ensure that the authentication process doesn’t slow down productivity. Smartphone-based approval and fingerprint recognition are just two examples of how organisations can effectively implement a further layer of security without it becoming an impediment to employees.
Privileged password management
As most systems have an all-powerful, and often shared administrative login, it is wise to add secure management of privileged credentials to the IAM mix. Privileged password management can be added as an additional layer of security. Privileged password management tools store passwords in a secure vault, issue them as needed according to pre-established workflows and approval paradigms, and rotate them in pre-set intervals.
Privileged session management
When coupled with privileged password management, privileged session management allows organisations to control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users. Session recordings are particularly important for forensic IT, as they allow organisations to track suspicious activity happening in their systems.
Recently, regulators have started to put pressure on enterprises to record sessions that require privileged access, which will draw more attention to this kind of solution. Combined with MFA and privileged password management, privileged session management greatly increases the security of an organisation’s identity access policies.
Privileged behaviour analytics
Another valuable tool in IT forensics, privileged behaviour analysis allows organisations to single out suspect behaviours and to uncover threats coming both from inside and outside organisations. The user behaviour analytics technology can detect anomalies and rank them based on their risk level, enabling businesses to prioritise their threat response and take appropriate action. Combined, data from privileged account analytics and other sources - such as system and audit logs and session data - can further strengthen an organisation’s privileged access management standpoint and make the enterprise’s PAM portfolio complete.
With no scarcity of cyber threats in sight, building a cybersecurity strategy that implements the many facets of IAM is an essential way to prepare. Identity is swiftly becoming the new perimeter within organisations as attackers determine the fact that they are more likely to breach individuals often seen to be the path of least resistance into enterprise networks. Getting Identity and access management right is key to limiting the potential damage that attackers can inflict on organisations, while also reducing the threat from malicious insiders.
source itproportal
Industry: Cyber Security News
Latest Jobs
-
- IAM Consultant- OKTA
- Germany
- upto €90,000 plus benefits
-
I am looking for an experienced IAM process Manager to help drive forward a series of IAM implementation for a global Manufacturing business, Ideally you will be skilled with Okta and have knowledge of PAM Solutions, You will be responsible for: Driving the design and continuous improvement of complex IAM solutions in close collaboration with business partners Consult on the optimisation of IAM processes and design proper IT-based solutions to meet availability and quality targets Define technical specifications for SW-development (standards, design patterns, test cases, scenarios) and manage the life cycle of designed solutions Actively scan for relevant innovations and new technologies to identify further potential for improving IAM solutions and processes using OKTA Analyse new features of the regular Okta releases We are looking for someone with strong IAM experience as an Architect, Analyst, Technical Engineer, or similar role in the Identity and Security domain Experience with relevant certifications in development/administration, design and configuration of the Okta IAM platforms Familiar with LCM - joiners, movers, leavers, application federation - SAML, OIDC, SCIM and many other IAM terms Good mix of competences in IAM business process and project management concepts and tools e.g., ServiceNow, Jira, PRINCE2, SCRUM (agile)
-
- SAP Security Consultant
- France
- upto €70,000 plus benefits
-
I am looking for an experienced SAP Security Consultant. The ideal candidate will have a strong understanding of SAP security concepts and be able to apply them to real-world scenarios. ideally you will also have experience with Securitybridge or Onapsis, or a similar SAP security tool. Your responsibilities will include: Reviewing and auditing SAP security settings and controls Identifying and remediating security vulnerabilities Implementing security best practices Educating users on SAP security Experience experience in SAP security Experience with Securitybridge or Onapsis, or a similar SAP security tool would be very advantageous Strong understanding of SAP security concepts Excellent problem-solving and analytical skills Excellent communication and presentation skills Fluent in French & English
-
- Post Grad MSc Cyber security - Junior Cyber Risk Analyst wanted. UK
- United Kingdom
- Entry role
-
The perfect start to your new Cyber Security Career. Post Graduate Cyber Risk Analyst Wanted. Are you are fresh from earning your Cyber Security MSc and eager to start your career in Cyber Security? We are looking for a recent post graduate to join a forward thinking Cyber Security Consultancy for the ideal entry role into Cyber Security. Whilst employed industry experience is not expected, as full training and support will be provided, a history of recent education in Cyber Security / Cyber Risk is essential. We are looking for someone with an inquisitive mind, who is confident to ask the right questions and who isn't afraid to challenge the status quo. Superb communication skills are a must (in person, written and verbal) This is a UK based role that is remote first with monthly travel (1-2 a month) to meet with the team and in time to meet clients. If you aren’t available to travel this isn’t the opportunity. We are unable to provide VISA sponsorship as there will be a requirement to achieve Security clearance If you're adaptable, open to fresh perspectives, and excited to be part of a forward-thinking team and looking for an opportunity to help make a difference in a Cyber consulting role, this opportunity is for you. For more information apply here……
-
- Microsoft Exchange Contractor | London | OUTSIDE IR35 | SC Cleared
- London
- OUTSIDE IR35
-
Microsoft Exchange Contractor | London | OUTSIDE IR35 | SC Cleared • We require someone that has experience of migration exchange from windows server 2012 to 2019. • In depth understand of On-Prem exchange server management and deployment. • Experience migrating On-Prem exchange servers from 2012 upwards. • Secure Email Gateway experience essential Due to the nature of the requirement the individual must be commutable to London 2-3 days a week.