Identity Management in the Cloud age
Your business, like many companies, have adopted several cloud services, where the price and convenience outweighed the higher cost of hosting the application on your own servers. These services, be they email, documents, applications, databases or other collaboration tools, have broken the tightly guarded walled garden that your IT team has created behind your firewall and VPNs, allowing access to your company data via additional vectors with various security controls.
Most of these applications are only protected by one simple permission: the password.
Data breaches are becoming more and more commonplace. Lost and stolen data has exceeded six billion records in the past few year – an average of over 165,000 records compromised every hour! The related damage is estimated to exceed $6 Trillion annually by 2021. The recent Equifax breach, of a 143 million people (there are only 250 million or so adults in the US), highlights the vulnerability of weak passwords and open data portals.
In order to safeguard our important assets and reduce the risk of breaches, we need to rethink on how we approach organizational security
Access
New technologies, platforms and applications have accelerated the disintegration of the corporate security perimeter, creating a multitude of identities, user names and passwords. This use of cloud computing has increased trends of enabling employees to access network servers and sensitive information from outside the enterprise. Companies with static perimeter-based security methods (Firewalls, VPNS) will have a hard time managing both employee and partner access to critical data while maintaining any semblance of security.
Cyber criminals take aim at identities, from all types of users in your organization, from privileged users to vendors. They focus on weak passwords and social engineering to achieve their aims. Nearly two-thirds of all recently confirmed data breaches involved weak, default, or stolen passwords. In the first quarter of 2016 alone, there were an estimated 6.3 million phishing emails and 93% of all phishing emails contained ransomware.
Consequenses
No one is safe. In 2016, Yahoo revealed that the account information for over ONE BILLION consumers, including names, email addresses and encrypted passwords, were compromised by a data breach in 2013.
Dozens of companies experienced major outages when the DNS provider Dyn experienced a severe and extended Denial of Service attack (DDoS). What was the cause? Passwords. Default passwords on millions of Internet of Things (IoT) devices that were hijacked and used together as the Mirai botnet.
Next Stop, Security
How do we protect against breaches in our organizations, with this porous, multi-vendor, cloud-based enterprise? You must be able to adapt to new threats as they emerge. You must be able to incorporate cloud, mobile, IoT and other technologies, into a seamless defense, following your users as they work across applications and tools – Wherever they are hosted.
Companies must adopt Identity and Access Management (IAM) solutions and practices that significantly reduce the likelihood of a data breach, by enabling secure access to your data from any device, for users inside and outside your organization.
How do we do this?
- Consolidate identify stores into a single directory
- Implementing single sign-on
- Governing access through time-bound and temporary privileged access
- Automating mobile application provisioning and deprovisioning of applications
- Automatically deprovision privileged user access as they terminate from your organization
- Eliminating the use of shared administrative accounts and centrally controlling access to shared service accounts
- Recording all privileged sessions or commands
- Automating role-based provisioning of applications and infrastructure
Forte can help your company ensure that identities are protected through an integrated solution across applications, devices and infrastructure.