Identity, credential & access management: protect your company data
Once upon a time, most companies’ computing environments were kept on-premises and entity management systems could authenticate and monitor users as they, too, worked on-premises. But, as we all know, things have changed.
As internal processes, customer engagement and partnership models continue to evolve, the identity and access boundaries of today’s digital businesses have become increasingly blurred. According to Forrester’s Identity And Access Management Playbook For 2019, it’s becoming more difficult for IT, security managers, Chief Security Officers (CSOs) and the like to maintain a complete and consistent view over exactly who is accessing sensitive company, employee and customer data.
It is this increasingly complex security environment that has made identity, credential and access management (ICAM) so essential to modern businesses. Controlling who can access your organisation’s systems, and when and where they can do so, is the first line of defence against cyberattack, ransomware and data breaches. This is especially crucial for health, public safety, transport, utility and mining companies, and for organisations such as yours that deal with them.
To help you ensure your company data is protected from unwanted access, the team at ESET has compiled their top tips on how to implement a successful ICAM system.
What is ICAM?
ICAM is a type of cyber security measure that, according to Gartner, “ensures the right individuals access the right resources at the right times, for the right reasons.”
Cyber security and information technology (IT) professionals must verify and manage identities and user access across a range of devices, hosting models and groups — from employees and partners, to customers and suppliers. ICAM products help by providing the tools and technologies to control user access, track activities, create reports, enforce policies and ensure compliance with government regulations.
ICAM systems typically work by allocating one digital identity to each user. Once that digital identity has been defined, it must be managed and tracked to ensure correct security policies and compliance are upheld.
It’s all about getting a complete, real-time view of the roles and access-rights of individual network users and determining the scenarios in which those users should be granted or denied access to specific data. For example, it’s unlikely a casual intern would be granted access to an organisation’s confidential payroll data.
ICAM tools and technologies include things like password-management tools, provisioning software, security-policy enforcement apps and reporting and monitoring tools. Here are six emerging ICAM technologies identified by Forrester research as having significant security and business value:
- API security,
- identity management and governance (IMG),
- customer identity and access management (CIAM),
- risk-based authentication (RBA),
- identity-as-a-service (IDaaS) and
- identity analytics (IA).
Why do you need ICAM?
From WannaCry to Ryuk, malware, ransomware and other cyber security threats continue to make headlines, while increasing regulations, such as the Mandatory Data Breach Reporting Scheme, are keeping business and security leaders up at night.
Implementing a strong ICAM strategy can help protect your company from sophisticated ransomware and data hacks, while protecting customers from account takeover, identity theft and privacy breaches. A robust, well-documented ICAM strategy will also help your organisation avoid, or at least reduce, the significant financial, reputational and legal risks that come with any major cyber security incident.
In today’s digitally enabled economy, identity and access management is a critical part of any business, as it is so closely connected with the security and productivity of its people. Compromised user identities are a common entry point into a company’s network and data.
A strong ICAM system can add a vital layer of protection by ensuring user access rules and policies are better understood and upheld across your organisation at all times.
How to implement ICAM
The key to successful ICAM is to implement a single approach that provides all the security, scalability and oversight you need across every part of your organisation’s network — including all user types, tasks and access scenarios.
A cloud firewall is typically the first step to improving the security of network-wide access. Implementing automated ICAM tools helps organisations to operate more efficiently, freeing up resources and minimising human error.
Of course, the idea of relying on a single, centralised approach may feel a little nerve-wracking, and fair enough. If your ICAM system fails, or is implemented poorly, your company data will be at increased risk of a cyber security breach. But it’s a bit of a Catch-22: if you don’t unify the fundamentals of ICAM, you will never reduce risk.
A good ICAM system should:
- Include the ability to capture and record both user login information and an audit trail of all changes to user permissions.
- Be capable of managing all individual user identities and access privileges across the company in a centralised directory.
- Provide a centralised directory of users and avoid “privilege-creep” — where users gradually gain access to areas outside of their roles.
- Balance security measures with user experience — authentication and authorisation processes should be easy to use and streamlined, balancing automation and agility with transparency and administrative control.
- Allow administrators to view and change access rights as well as being able to grant external users access to appropriate parts of the network without compromising security.
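The audit-trail and privilege-creep points above can be checked together. The following is an added example, not part of the original article or of any ESET product: it replays a recorded trail of permission changes against a central directory and reports any access a user still holds outside their role. The role names, permission strings, users and log entries are all constructed for illustration.

```python
from collections import defaultdict

# Hypothetical role baselines: the access each role is meant to have.
ROLE_BASELINE = {
    "intern": {"wiki:read"},
    "payroll_clerk": {"wiki:read", "payroll:read"},
}

# Constructed audit trail of permission changes:
# (timestamp, admin who made the change, user, action, permission)
AUDIT_TRAIL = [
    ("2019-03-01T09:00", "it.admin", "casey", "grant", "wiki:read"),
    ("2019-03-01T09:01", "it.admin", "casey", "grant", "payroll:read"),
    ("2019-06-12T14:30", "it.admin", "jordan", "grant", "wiki:read"),
    ("2019-07-02T11:15", "it.admin", "jordan", "grant", "payroll:read"),
    ("2019-07-09T16:40", "it.admin", "jordan", "grant", "directory:admin"),
    ("2019-07-20T10:05", "it.admin", "jordan", "revoke", "directory:admin"),
]

# Constructed central directory: one identity and one role per user.
DIRECTORY = {"casey": "payroll_clerk", "jordan": "intern"}


def effective_permissions(trail):
    """Replay the audit trail to rebuild each user's current permissions,
    remembering which event granted each one."""
    current = defaultdict(dict)  # user -> {permission: granting event}
    for event in sorted(trail, key=lambda e: e[0]):
        _, _, user, action, permission = event
        if action == "grant":
            current[user][permission] = event
        elif action == "revoke":
            current[user].pop(permission, None)
        else:
            raise ValueError(f"unknown action in audit trail: {action!r}")
    return current


def find_privilege_creep(trail, directory, baseline):
    """Return (user, role, permission, granted_at, granted_by) for every
    permission a user still holds that is outside their role's baseline."""
    findings = []
    for user, held in sorted(effective_permissions(trail).items()):
        role = directory.get(user)  # None: identity missing from directory
        allowed = baseline.get(role, set())
        for permission in sorted(set(held) - allowed):
            ts, admin, *_ = held[permission]
            findings.append((user, role, permission, ts, admin))
    return findings
```

On the sample data the only finding is the intern's leftover payroll access, together with when it was granted and by whom; an identity that appears in the trail but not in the directory has every permission it holds reported.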
Implementing an ICAM project can be quite complex: thorough planning, analysis and collaboration across departments are required to ensure success. Companies that establish clear objectives, stakeholder support and defined processes from the start are likely to get the best results.
Maintaining security without sacrificing agility
Given the resource and skills shortage in the Australian IT and cyber security sectors, manually adjusting access privileges and controls for hundreds or thousands of users simply isn’t feasible. ICAM systems must empower organisations to manage users’ access to sensitive data across a variety of scenarios, roles and devices, without inhibiting business agility, compromising the user experience, or breaching compliance requirements.
A solution such as ESET Identity & Data Protection will help your company improve efficiency, collaboration and productivity, while decreasing operating costs and keeping your company data safe and sound.