Story image

Seven ways identity and access management can take the edge off data risk

02 Nov 2017

Data breach reporting regulations are becoming commonplace in many countries including Australia and as a result, organisations need to increase their identity and access management (IAM) maturity.

According to Centrify, the risks arising from breaches and breach reporting can be reduced if organisations take action.

Reported data breaches could damage both shareholder and customer loyalty – you only need to look at how Verizon slashed its offer to acquire Yahoo.

“A breach can wipe out company value, as we saw it with Yahoo!’s acquisition price devaluation of $350 million after its data breaches were announced,” comments Centrify’s senior director of APAC sales, Niall King.

“A recent Ponemon research study found that stock prices fall an average of five per cent and customer churn can increase as much as seven per cent after a data breach is disclosed. The stakes for properly securing access to corporate resources and handling security incidents couldn’t be higher.”

Another study by Forrester Consulting found that two thirds of organisations have been breached in the last five years. Those without a mature IAM approach experienced twice as many breaches and around $5 million more in costs.

To help organisations improve their cybersecurity defences, Centrify outlines seven best practices:

- Consolidate identities: According to Verizon, 80 per cent of breaches are due to compromised credentials. It’s critical to develop a holistic view of all users and strengthen and enforce password policy, or eliminate passwords, where possible

- Enable Single Sign-On (SSO): Single Sign-On to enterprise and cloud apps, combined with automated cloud application provisioning and self-service password resets, cuts helpdesk time and cost, and improves user efficiency

- Implement Multi-Factor Authentication (MFA) everywhere: Multi-Factor Authentication, including third parties and the Virtual Private Network (VPN) that adapts to user behaviour, is widely acknowledged as one of the most effective measures to prevent threat actors from gaining access to the network and navigating to target systems

Audit third party risk: Outsourced IT and third party vendors are a preferred route for hackers to access corporate networks. Conduct audits and assessments to evaluate the security and privacy practices of third parties

- Enforce least-privilege access: Role-based access, least-privilege and just-in-time privilege approval approaches protect high-value accounts, while reducing the likelihood of data loss from malicious insiders

Govern privileged sessions: Logging and monitoring of all privileged user commands makes compliance reporting a trivial matter and enables forensic investigation to conduct root cause analysis, and

- Protect the inside network: Network segmentation, isolation of highly sensitive data and encryption of data at rest and in motion provide strong protection from malicious insiders and persistent hackers once inside the firewall.

Kiwis know security is important, but they're not doing much about it
Only 49% of respondents use antivirus software and even fewer – just 19% -  change their passwords regularly.
Avi Networks: Using visibility to build trust
Visibility, also referred to as observability, is a core tenet of modern application architectures for basic operation, not just for security.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.