3 Important Lessons in Next-Gen Access Management

What should enterprises know about deploying and maintaining a next-gen access management solution? What are the secret ingredients to identity security success in the modern era, so to speak?

The editors at Solutions Review watched “Next Gen Access and ZTX are a Must,” a collaborative webinar between Forrester Research and IDaaS solution provider Idaptive. The acronym ZTX here stands for “Zero Trust Extended.”

Andras Cser, VP Principal Analyst at Forrester and Corey Williams, VP of Product Marketing and Strategy at Idaptive share some of the most important lessons enterprises can learn about next-gen access management. Here are 3 of our favorites!

Next-Gen Access Management Means More Than the User

Or, to put it in clearer terms, authenticating the user is only one part of next-gen access management. A user entering their credentials should be the first step of authentication, not the be-all and end-all; the experts on the webinar argue that the device the user logs in from should also be verified to confirm its legitimacy.

For example, if an employee typically logs in from an iOS device and then suddenly requests access from a Windows device, that should trigger additional steps in their authentication process.

Indeed, other subtle authentication factors should include the user's location, IP geolocation, their behavior compared with their behavioral baseline, the data to which they request access, and so on. These considerations matter more than ever with the rise of IoT, BYOD culture, and mobile device proliferation.

Furthermore, your next-gen access management solution should grant access based on known facts about the user and their device. The Principle of Least Privilege still applies; access to applications and services should require continual authentication and authorization.

Authentication Must Adapt to Risk

One of the most important features of a next-gen access management solution is risk-based authentication and access controls. Typically, risk-based authentication evaluates the user in context—their device, their IP address, their session speed, the time of day of the request, etc. The system then provides a risk score based on these factors, which triggers a particular set of authentication and authorization requirements.

The higher the risk score, the more authentication factors the system asks of the user before granting access. Risk-based authentication also forms the core of adaptive multifactor authentication and step-up authentication; these activate and demand more criteria when the user's behavior steps outside their normal baseline or when they request access to sensitive material.
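To make the score-to-factors mapping concrete, here is an added example (not code from the webinar or from Idaptive) that turns the context signals discussed above into a risk score and a step-up decision. The user baseline, signal weights and score bands are constructed assumptions for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed baseline for one user: devices and countries seen before,
# and the hours during which this user normally works.
BASELINES = {
    "alice": {"devices": {"iOS"}, "countries": {"US"}, "hours": range(7, 20)},
}

@dataclass
class AccessRequest:
    user: str
    device_os: str
    country: str               # from IP geolocation
    hour: int                  # hour of day, 0-23
    resource_sensitivity: int  # 0 = public, 1 = internal, 2 = confidential

def risk_score(req: AccessRequest) -> int:
    """Sum contextual signals into a risk score (higher is riskier)."""
    base = BASELINES.get(req.user)
    if base is None:
        return 100  # no baseline to compare against: treat as highest risk
    score = 0
    if req.device_os not in base["devices"]:
        score += 40  # unfamiliar device (e.g. an iOS user now on Windows)
    if req.country not in base["countries"]:
        score += 30  # geolocation outside the usual countries
    if req.hour not in base["hours"]:
        score += 15  # outside normal working hours
    score += 10 * req.resource_sensitivity  # sensitive data raises the stakes
    return score

def required_factors(score: int) -> list[str]:
    """Map the score to step-up requirements; each band adds factors."""
    if score >= 80:
        return ["deny"]
    factors = ["password"]
    if score >= 20:
        factors.append("otp")
    if score >= 50:
        factors.append("manager_approval")
    return factors

def decide(req: AccessRequest) -> list[str]:
    return required_factors(risk_score(req))
```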

Risk-based access provides visibility for the highest risk users, applications, and data traffic. Effective cybersecurity starts with visibility; you can’t protect what you can’t see, after all.     

Governance May Be the Key

So much of next-gen access management builds off the Principle of Least Privilege. At its heart, the Principle of Least Privilege says users should only have the access they absolutely need to perform their job duties. Nothing more.

However, enforcing this principle can prove a headache when performed manually; employees may need special permissions to complete one-time projects. Additionally, they may need new permissions as they take on new roles and responsibilities within the enterprise. Even an employee leaving the business can present its own identity challenges.

Therefore, identity governance and next-gen access management go hand-in-hand. The former provides automated role management, which automatically allocates specific privileges to employees with certain job titles. It also enforces temporary privileges and removes permissions during the offboarding process.

Moreover, governing your users’ identities facilitates periodic but regular recertification, which you should perform as part of your next-gen access management. This step helps prevent access creep and orphaned accounts from leaving your business vulnerable.
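As an added illustration of the governance points above (this is example code, not Idaptive's or Forrester's), the following models role-based entitlements, time-bound temporary grants, offboarding, and a recertification pass that flags access creep and orphaned accounts. The role table and employee records are constructed.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Constructed role model: job title -> entitlements granted automatically.
ROLE_ENTITLEMENTS = {
    "engineer": {"git", "ci", "wiki"},
    "finance": {"erp", "wiki"},
}

@dataclass
class TemporaryGrant:
    entitlement: str
    expires: date  # drops off automatically after this date

@dataclass
class Employee:
    user: str
    role: Optional[str]  # None once the employee has been offboarded
    direct_grants: set = field(default_factory=set)  # manually assigned
    temporary: list = field(default_factory=list)

def effective_access(emp: Employee, today: date) -> set:
    """Role entitlements, direct grants and unexpired temporary grants.
    Offboarded employees (role None) get nothing, whatever is still recorded."""
    if emp.role is None:
        return set()
    access = set(ROLE_ENTITLEMENTS.get(emp.role, set()))
    access |= emp.direct_grants
    access |= {g.entitlement for g in emp.temporary if g.expires >= today}
    return access

def recertify(emp: Employee, today: date) -> dict:
    """What a reviewer must confirm or revoke during periodic recertification."""
    findings = {"orphaned": False, "access_creep": set(), "expired": set()}
    if emp.role is None:
        # Offboarded but still carrying grants: an orphaned account to clean up.
        findings["orphaned"] = bool(emp.direct_grants or emp.temporary)
        return findings
    baseline = ROLE_ENTITLEMENTS.get(emp.role, set())
    # Direct grants not explained by the current role are access creep.
    findings["access_creep"] = emp.direct_grants - baseline
    findings["expired"] = {g.entitlement for g in emp.temporary if g.expires < today}
    return findings
```

Changing an employee's role changes their effective access immediately, so a grant that was creep under one role can become legitimate under another.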

Identity and access are hackers' top attack vector. According to Verizon, up to 81% of breaches involve weak or stolen passwords. Ten times more breaches stem from identity issues than from other vulnerabilities.

Properly deploying and maintaining a next-gen access management solution goes a long way toward preventing these crises. The lessons described above only scratch the surface of the webinar. You can check out the full “Next Gen Access and ZTX are a Must” webinar by Forrester and Idaptive here.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.