IT security experts frequently proclaim the ascendancy of identity in cybersecurity. Identity looks poised to become the new digital perimeter (assuming it hasn’t already). Stolen or weak privileged credentials serves as the primary attack vector for hackers around the world. Access creep puts enterprises at the mercy of insider threats.
Yet enterprises remain beset by identity management problems. They continue to flounder in understanding the importance of identity security best practices, let alone implementing them. Yet none of the most pressing identity management problems prove insurmountable with the right solution or attitude change.
We present 3 identity management problems and how you can take the right steps to solve them.
We’ve spent the last few weeks detailing the issues surrounding poor password management and password security; these remain some of the most pressing identity management problems.
Passwords occupy a strange place in modern IAM. On the one hand, experts and users alike express hatred for passwords due to their inconvenience and their weakness in the face of modern hacking techniques such as credential stuffing. On the other hand, passwords also serve as the primary authentication method for the majority of enterprises and users and still acts as the main gateway to users’ digital identities.
Therefore, passwords will most likely remain embedded in modern identity management’s authentication protocols. By extension, implementing strong password security best practices should become a top priority.
Your business can do so by:
- Mandating employees not repeat their passwords under any circumstances.
- Protecting employees’ credentials through a privileged access management solution.
- Removing some of the burdens on passwords by implementing biometric authentication.
- Forbidding employees from writing down or sharing their passwords with anyone.
These tips only scratch the surface of strong password security. However, they may also prove difficult to implement; employees may not so readily adopt these practices even if they understand their importance.
Endpoint security solution provider Kaspersky Lab commented on this issue recently. They recommended enterprises encourage users use a root based password system in which passwords can be written down in part more securely.
Weak Authentication Protocols
Authentication overall stands as one of the most persistent identity management problems; password security is only the tip of the iceberg. Passwords alone cannot provide the security your enterprise needs to deter or repel hackers. In other words, it cannot serve as your digital perimeter by itself as it just doesn’t have enough layers.
Many enterprises have begun to turn to two-factor authentication to add that critical extra layer. Many use SMS messaging, email confirmation, hard tokens, or biometric authentication as the secondary factor, favoring a “something the employee has” model such as SMS mobile device messaging.
However, hackers have begun to innovate tactics to subvert or circumvent two-factor authentication; for example, they now have tools to fake an SMS message to trick users’ into giving up their credentials. Perhaps this should come as a surprise. Having only two layers to your perimeter won’t deflect more dedicated threat actors.
Therefore, your enterprise should implement multifactor authentication through its identity and access management solution to solve these identity management problems. Multifactor authentication offers:
- Hard Tokens.
- Physiological Biometrics.
- Behavioral Biometrics.
- Time and Location Authentication.
- Universal Second Factor.
- Client Certificates.
Additionally, if you worry about creating an unfavorable user experience through multifactor authentication, you can implement granular authentication (step-up authentication); this activates only when users request access to sensitive databases or assets. Thus employees can access their base assets easily but must continually confirm their identity as the seriousness of their requests escalates.
Provisioning and Deprovisioning
One of the most challenging identity management problems is simply keeping track of all the identities connecting to and acting on your network. Enterprises must make sure each identity receives the permissions it needs to conduct its business at the time of its creation (provisioning). Further, it must remove those permissions when the user leaves the enterprise (deprovisioning).
Even a small-to-medium-business (SMB) must deal with the provisioning and deprovisioning of their employees, third-party vendors, partners, and customers. Without the help of a solution, your IT security team can swiftly become overwhelmed; this applies doubly to high-turnover environments or business with more part-time or seasonal employees.
Furthermore, you must consider the dangers in granting employees temporary permissions to complete special projects; without proper visibility and provisioning controls, employees may retain these permissions long after they complete their temporary project. This leads to access creep, which swells the users’ credentials and make them vulnerable to insider threats as well as external threat actors.
The key to proper provisioning and deprovisioning lies with identity governance and administration. It can help your IT security team create clearly defined roles with set permissions for easy provisioning; further, IGA can help your team deprovision the accounts immediately in the event the user leaves the enterprise.
Additionally, identity governance can set time limits on temporary permissions, preventing access creep.
None of the most pressing identity management problems prove daunting once you have the right IAM solution by your side. Does your enterprise have what it needs to thrive in the digital marketplace?
Latest posts by Ben Canner (see all)
- Facebook Stored Hundreds of Millions of Passwords in Plain Text - March 21, 2019
- 7 Vendors in the Gartner Peer Insights for Privileged Access - March 21, 2019
- The Top 6 Identity Management Capabilities For Enterprises - March 20, 2019