Over the past two years, cyberattacks have increasingly targeted identity systems.
The SolarWinds and Colonial Pipeline attacks are just two examples that have highlighted Active Directory as a common attack vector for cybercriminals. But since managing Active Directory, the primary identity system for 90% of businesses worldwide, has historically been a purely operational function of IT, Active Directory security has only slowly been incorporated into broader discussions of IT. safety.
According to the Identity Defined Security Alliance (IDSA) report, “2021 Trends in Securing Digital Identities,” 64% of the organizations surveyed had made changes in the past two years to better align security, security and identity capabilities. At the HIP Hybrid Identity Security Conference in December 2021, speakers will delve into some of the trends highlighted by the IDSA report and provide insights into the approaches companies can take to align their teams to more effectively combat attacks against security systems. identity.
Here are the main conclusions of the exchanges between Jim Doggett (Head of Information Systems Security at Semperis), Asad Ali (Technologist at Thales Group) and Paul Lanzi (Co-founder and COO of Remediant):
Strong identity security is the foundation for securing other systems.
A secure identity system is the starting point for protecting all other corporate assets. The identity team must demonstrate to the security team that they effectively protect the systems they are responsible for, just as business units must demonstrate to the security team that they effectively protect their operational applications. Once identities have been secured, businesses can use this proven security to protect other systems.
Businesses now need to rethink the interaction between networks, devices, and identities. “There is a difference between being able to secure identity entities and using enhanced identity security to protect assets such as desktops, data stores and SaaS platforms,” says Paul Lanzi. “Identity security is a big deal. “
Identity and security teams must work together to address the challenges of modern security.
Identity and security teams are overwhelmed in an era marked by unchecked application expansion, cloud migrations, and the rise of cyber attacks. The number of SaaS applications used by enterprises has exploded in recent years, putting pressure on IT teams to continually provision, de-provision, and recertify applications. As a result, the number of roles, permissions, and identities to manage has multiplied.
And while cloud applications are considered inherently more secure, moving to the cloud increases identity identity, increases the attack surface, and requires more focused attention from IT and security teams to protect the entire system of hybrid identity. (For more information on the challenges of securing hybrid identity systems, see “Key Security Risks to Watch When Moving to Hybrid Identity Management.” [Principaux risques de sécurité associés à l’adoption d’une gestion de l’identité hybride]).
By bringing identity and security teams together, the organization is able to adopt a holistic view of security while also taking into account the natural tension between usability and security. In general, users associate greater security with usability issues and inconvenience, while less security is more synonymous with simplicity and convenience. Some usability issues have been addressed with smart devices and improved authentication technologies. But organizations tend to continually add security mechanisms without removing them, causing administrative problems and frustration for users. By working together, identity and security teams can push the organization to dismantle outdated security mechanisms and introduce new, safer, and easier-to-use ones.
Identity and security teams can help measure security status
To face the never-ending battle against cyberattacks, companies need effective ways to quantify their security position. And, as with any business KPI, it’s about results, not just business. Leaders learn the basics of security technologies, but identity and security teams still struggle to understand the real impact of security improvements. Asad Ali reveals: “To attract the attention of officials, it is enough to talk about money. “
But information security is essentially a “negative product” measured by the incidents that have occurred, rather than the incidents that have occurred. Identity and security teams can collaborate on key performance indicators that collectively reflect overall security security, such as quantifying the number of infection days before reporting an attack or setting timelines for disabling legacy technologies that may pose risks to the security.
One of the most effective KPIs for assessing security status is measuring the scope of access rights. The number of permissions increases over time, and the ability to show a downward trend is an important metric for identity and security teams to focus on. For example, showing that hundreds of accounts have administrative access to a financial application can quickly grab the attention of the CFO and mobilize resources to identify and manage excessive permissions.
“Boards of directors are paying a lot more attention to the security issue,” says Jim Doggett. There have been enough breaches for leaders to understand the implications of data exposure and the urgency to address certain issues. “
Collectively, identity and security teams can provide the context for decision makers to better define key performance indicators and measure the initiatives that make the business more secure. I’d like to see our industry and its companies develop and standardize performance indicators for information security.
Security improves through collaboration between identity and security teams
To improve the security posture, organizations must provide a framework for security and identity teams to identify and address security vulnerabilities that span the entire environment, from authentication to workplace security. As cybercriminals become more adept at exploiting misconfigurations of identities and moving sideways through systems, companies that isolate identity and security teams run the risk of losing security, which can in turn lead to a cyber attack.