Following the SolarWinds cyberattack, the whole security community is now questioning some of the fundamental practices and assumptions that it makes around how to implement a successful security environment.
Now that no one can assume they haven’t been breached, how do you secure your organisation and data on a ‘dirty’ network? How do you put strategies and technologies in place to cope with the fact that you may have already been successfully attacked, and just not know it yet?
You’re only ever as strong as the weakest link in your defences. In our latest security research, we found that just 33% of business execs say their IT is excellent at making sure only authorised people have access to their databases. So, how do you make sure your identity management is as effective as possible?
Identity and access management is critical to security
More than ever, identity is at the centre of digital transformation for organisations of all kinds in all sectors. As sensitive data migrates to cloud applications and traditional perimeters dissolve, identity becomes the new perimeter.
Cybercriminals have realised that identity may be the new gap in security they’re looking for and are focusing their energy on compromising users’ accounts to access permissive accounts and sensitive data.
Below are the four actions you need to take to secure your people’s identities as much as possible to protect against data breaches.
1. Secure your authentication process
According to Forrester, 80% of security breaches involve compromised credentials. If attackers compromise credentials, they can easily travel across organisations and steal data. That’s why it’s essential to add multifactor authentication to your critical applications and sensitive information to significantly reduce the risk of breach. And this becomes even more important for the powerful privileged accounts that give access to your IT kingdom.
Requiring different forms of proof of identity (such as a possession or biometric factor) will help prevent successful attacks because, even if the cybercriminals have one set of credentials, they won’t have the second factor they need. And by switching to passwordless multifactor authentication, you’ll eliminate passwords completely, further strengthening your security.
2. Grant the lowest level of privilege possible
Making sure identities can access only what they absolutely need means that attackers who reach critical systems via a compromised user account, device, or application won’t be able to travel across the entire system. So, for example, a user who only needs read-only access to a system should be given this restricted access, and no more. Then, if their account is compromised, the attacker’s scope is limited.
I’d also recommend putting in place just-in-time privileged access, especially for critical systems. This makes sure that users only have the appropriate privileges when they need them and for the shortest time necessary.
3. Control access to your privileged systems
Unprotected privileged accounts can be used by malicious attackers to perform forbidden actions that may put the business at significant risk. It’s important to put the right privileged access controls in place and to use the right tools to:
- discover all privileged accounts on your entire information system - whether in the cloud or on-premise
- isolate credentials and privileged sessions
- record and audit all activities on privileged accounts
- analyse privileged accounts to detect and deal with attacks.
These controls and tools will detect when a user’s privilege is elevated and when privileged accounts are added.
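As an illustration of that detection step, here is an added example (not taken from any particular product) that compares two snapshots of account roles and reports new privileged accounts and privilege elevations. The role names, account names and snapshot format are assumptions made for the example.

```python
# Constructed sample data: account -> set of roles, as an identity
# inventory export might provide it (the format is an assumption).
PRIVILEGED_ROLES = {"domain-admin", "db-owner", "cloud-root"}  # assumed role names

BASELINE = {
    "alice": {"reader"},
    "bob": {"reader", "db-owner"},
    "svc-backup": {"backup-operator"},
}
CURRENT = {
    "alice": {"reader", "domain-admin"},  # existing user gained a privileged role
    "bob": {"reader", "db-owner"},        # already privileged, unchanged
    "svc-backup": {"backup-operator"},
    "svc-tmp01": {"cloud-root"},          # not in the baseline and privileged
    "carol": {"reader"},                  # new, but holds no privileged role
}


def privileged(roles):
    """Return only the roles that count as privileged."""
    return roles & PRIVILEGED_ROLES


def diff_privileges(baseline, current):
    """List (kind, account, roles) findings between two snapshots."""
    findings = []
    for account in sorted(current):
        now = privileged(current[account])
        if account not in baseline:
            # An account that appeared since the baseline is reported
            # only if it already holds a privileged role.
            if now:
                findings.append(("new_privileged_account", account, sorted(now)))
            continue
        gained = now - privileged(baseline[account])
        if gained:
            findings.append(("privilege_elevated", account, sorted(gained)))
    return findings


if __name__ == "__main__":
    for kind, account, roles in diff_privileges(BASELINE, CURRENT):
        print(f"{kind}: {account} -> {', '.join(roles)}")
```

Each finding should be matched against an approved change or access request before the new snapshot becomes the baseline.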
4. Put in place strong identity governance and administration
Your identity governance and administration let you centralise the management of identities and the access they have to your applications and systems. It means you can manage a user’s lifecycle and make sure access is removed when it’s not needed anymore. It also gives you a real-time, global and contextual view of who has access to what so you can understand and manage identities and access. It’s critically important to use identity governance and administration tools for auditing and reporting to help you decide who should retain access to what.