Defending the Castle against Modern Cyber Attacks with Identity Access Management
From sports to military strategy, defending the perimeter is a defensive tactic against offensive attacks. Defending the network perimeter has long been a cybersecurity tactic to protect networks from cyber attacks and unauthorized access.
During the pandemic and the coinciding unprecedented move to remote work, defending the perimeter became a dangerous game of first defining the perimeter and then defending it. But defending a perimeter is difficult if you can't tell friend from foe. Identity access is a key part of cybersecurity defense.
Remote Work’s Inherent Cybersecurity Risks
Security Magazine describes 2020’s perfect storm of remote work and cybersecurity attack spike this way:
In 2020, we witnessed the explosive expansion of the network edge and decentralization…. Remote workers are more relaxed operating in the comfort of their home; however, this comfort leaves them feeling like they can let their guard down. This relaxed approach in security could not come at a worse time as cybercriminals have ramped up social engineering and ransomware attacks. Home-based employees are also more likely to use personal devices and home networks (DSL/Cable, etc.) that are not hardened to the same degree as corporate networks. We now have systems behind consumer modems and switches that are, in many cases, not configured at all or still have the default settings.
With cloud computing, DevOps, the IoT, and employees accessing systems with an array of devices from all over the world, the perimeter is almost impossible to define and protect. Identity Access Management (IAM) has quickly become one of the most important components of an organization’s security program.
Identity Access and the New Perimeter
To illustrate in keeping with our military metaphor, castles were once built with perimeter defense for security. Think high stone walls, watchtowers, moats, and drawbridges. Now imagine those same perimeter defenses and their likelihood of success against a modern-day threat like warplanes or drones.
Today, fences and walls are just two small ways to protect a physical location; the majority of security measures may not be immediately visible at a quick glance. Layers of protection like VPN and network perimeters are less effective as employees log in from their personal networks.
Logically, remote work has essentially forced a broad rethinking of identity access management. Identity is the new perimeter, and security is now centered on the identity of the user. One thing hasn't changed from medieval times until today: preventing unauthorized access or entry is still the surest way to prevent an attack. But insider attacks are also not unheard of.
Identity Governance Monitoring and Zero Trust
Today, employees may be recruited, interviewed, hired, and onboarded all online. An employee may never set foot in the physical office of their employer. It remains to be seen whether online hiring and remote work will have a measurable effect on insider threats, but businesses simply can’t afford to take that risk.
Previously, identity access was based on IP address and host names. Now, time of day, risk, group, and role may all also play a part. As this CISO Magazine article states:
Called “zero trust,” this model does not assume that being on or off the corporate network would make an employee more or less trustworthy. Instead, decisions are made based on a variety of factors such as a user’s IP address, behavior, or files accessed before granting access. Zero trust removes the requirement of building a perimeter that gives the illusion of a “digital fortress,” because users aren’t even trusted when they’re inside the perimeter.
Clearly, identity governance is not cut and dried. And the complexity of these decisions is not easy to manage amidst spiking cybersecurity attacks and the sheer volume of data to be monitored. The answer to this modern challenge is an industry shift toward authentication and identity-focused technology—technology that can keep outsiders out and keep insiders from doing harm.
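The contrast drawn above, between access decided by IP address alone and a decision that also weighs role, time of day, and risk, is shown below as an added example; it is not code from the article or from any product. The network range, role map, working hours, risk thresholds, and sample requests are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed for this example: network range, role map, hours and risk thresholds.
CORPORATE_NET = ip_network("10.0.0.0/8")
ROLE_RESOURCES = {"finance": {"ledger"}, "engineer": {"source-repo"}}
WORK_HOURS = range(7, 20)  # 07:00 to 19:59

@dataclass
class Request:
    role: str
    resource: str
    source_ip: str
    when: datetime
    mfa_passed: bool
    risk_score: int  # 0 (low) to 100 (high), from a hypothetical behaviour feed

def legacy_decision(req: Request) -> str:
    """Perimeter model: the source address alone decides."""
    return "allow" if ip_address(req.source_ip) in CORPORATE_NET else "deny"

def zero_trust_decision(req: Request) -> str:
    """Identity model: network location is one signal and never sufficient."""
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return "deny"      # role carries no entitlement to this resource
    if req.risk_score >= 70:
        return "deny"      # behaviour too anomalous, even from inside
    unusual = (req.when.hour not in WORK_HOURS
               or ip_address(req.source_ip) not in CORPORATE_NET
               or req.risk_score >= 30)
    if unusual and not req.mfa_passed:
        return "step-up"   # ask for a second factor before granting access
    return "allow"

# Constructed sample requests (not real data).
NOON = datetime(2021, 3, 2, 12, 0)
SAMPLES = {
    "insider, wrong role": Request("engineer", "ledger", "10.1.2.3", NOON, True, 10),
    "remote, MFA done": Request("finance", "ledger", "203.0.113.10", NOON, True, 10),
    "remote, no MFA": Request("finance", "ledger", "203.0.113.10", NOON, False, 10),
    "inside, high risk": Request("finance", "ledger", "10.1.2.3", NOON, True, 85),
}

def compare() -> dict:
    """Return (legacy, zero-trust) decisions for each sample request."""
    return {name: (legacy_decision(r), zero_trust_decision(r))
            for name, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:20} legacy={old:5} zero-trust={new}")
```

The two models disagree on every sample: the perimeter check admits the insider with the wrong role and the high-risk session, and turns away the legitimate remote user.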
Moving to the cloud accelerated dramatically during the pandemic to facilitate remote work. And even though organizations may be exploring employees returning to the workplace, it is unlikely that remote work will sink back to pre-pandemic levels. Even with a moderate hybrid approach, the risks are great and identity access is an important cybersecurity measure.
Best practices are moving away from traditional perimeter security to an identity focus, making identity management and administration critical to an organization’s security program.
So where does an organization start with identity access management and governance? That all depends on how you’re handling identity access today.
For example, consider the following questions:
Does your organization currently use an identity provider?
Has your organization implemented single sign-on (SSO) to streamline access to systems and servers?
Has your organization implemented multi-factor authentication?
What level of self-service capability does your organization provide to users, and how is that capability governed?
Does your organization employ systems to monitor access accounts, disable unused accounts, and set time limits on temporary access accounts?
Does your organization use automated governance tools that learn from historical actions?