Identity and access management is the foundation of everything we do in security, but in many ways, enterprises are more vulnerable than ever. As organizations modernize and digitally transform processes, data is increasingly distributed within the enterprise, in the cloud and across a growing number of embedded and connected internet of things (IoT) devices.
Unfortunately, many organizations are having difficulty knowing exactly who has access to what data, and whether access controls are consistently enforced for all users, especially those with privileged access. The danger is that data and vital systems will be exposed to hackers. These threats underscore the need for zero-trust identity services that can be accessed from anywhere and continually kept up to date, giving the organization a shared view of identity across connected devices, cloud services and legacy applications.
Traditional identity and access management systems were designed to allow access by customers, employees and business partners. But today, we need to think about authenticating bots, IoT devices, wearables, thermostats and connected cars.
To deliver a better user experience, companies are encouraging customers to connect over voice channels such as Alexa, on their mobile devices, at the ATM, across the counter in the store and over the telephone. At all of these points, companies need to authenticate the customer and the device.
When it comes to sensitive corporate data, the traditional access management approach was to build a wall around the data and around core systems and allow access only to privileged users. That approach doesn’t work anymore because companies have to make their data accessible to employees, business partners and customers, as well as to machines that will move the data on their behalf, and to artificial intelligence and machine learning systems that are analyzing the data.
What should companies be doing?
Conceptually, you need to apply identity management policies to all of these data elements. You have to know who’s accessing the data and what that individual or that entity is allowed to do. Then you can begin to manage and protect that data wherever it lives.
Managing access from the cloud provides a number of benefits, including increased availability, scalability and the ability to take advantage of identity federation. Cloud-based identity and access management can also provide greater business agility since it allows you to work more closely with your partners, reduces costs and gives you the opportunity to use APIs to access legacy systems.
Improved identity governance gives companies visibility into who has access to what data and how that access was granted. It also gives you the tools to remediate noncompliance issues and to create automated workflows to enforce rules on segregation of duties or to manage joiners, movers and leavers at a company.
Many companies struggle with how to manage the access that system administrators have into privileged accounts. Privileged account management (PAM) software is built specifically for system admin accounts, machine accounts or embedded system accounts where you need extra protection. Typically, PAM requires multifactor authentication rather than simply a user name and password.
Organizations are moving data into the cloud, creating a new target for threat actors that want to take control of your cloud assets. So, the system administration accounts that control your cloud environments are increasingly a target, and PAM is now extending from just managing on-premises to managing your cloud credentials as well.
The final piece of identity governance is to make sure, on the management front, that you have a single pane of glass, so you can see all security incidents and events through the same portal.
Avoiding security risks in today’s environment requires a new set of defenses based on digital identity and access management. Learn more about Thriving safely in the age of digital identity management.