Is it too early for your business to start thinking about identity management in 2021?
2020 proved one of the most challenging years in the history of cybersecurity and identity management. With the COVID-19 pandemic forcing many enterprises of all sizes to switch abruptly to remote work, cybersecurity concerns took something of a backseat for some IT decision-makers.
However, external threat actors made no such mistake. In fact, numerous reports suggest that COVID-19 provided the perfect cover for cyber-attacks, facilitating a significant rise in attacks over the past year. Additionally, plenty of COVID-19-related attacks use the disease as a ploy to conduct spear-phishing attacks. With compromised credentials remaining a key component in the majority of cyber-attacks, businesses need to start thinking about how they plan to conduct identity management in 2021
For 2021, your business needs an identity management platform that can scale with a remote workforce long-term; unfortunately, all reputable projects project the pandemic continuing through the next year. Additionally, this identity management platform must incorporate privileged access management and identity governance to succeed.
Here’s what to consider.
Identity Management for 2021
Rethinking Authentication and Biometric Authentication
With the proliferation of data breaches stemming from phishing attacks, misconfigurations, and straight-up penetrative attacks, employee credentials are at increased risk. However, the reverse also proves true: your business is at risk because of employee credentials.
Why? For a few reasons, most of them involving how employees create passwords. Unfortunately, the average employee may need to remember dozens if not hundreds of credentials. Additionally, they most likely need to input many of those credentials to begin or proceed with their everyday tasks.
This leads to one of two scenarios, generally. First, users will create weak passwords that are simultaneously easy to remember and easy for threat actors to crack. Second, users will repeat their passwords across multiple accounts, potentially creating a cascading breach effect as hackers use stolen passwords for credential stuffing attacks.
Worst of all is when these two scenarios become combined, of course. Your enterprise needs to prepare for this eventually in 2021. The first would be to stop relying on single-factor, password-only authentication through multifactor authentication (MFA). Using passive factors such as geofencing and time of access request monitoring can help prevent hackers from breaching your perimeter.
You could also use the pandemic and the imposed isolation to your advantage in authentication, particularly regarding biometric authentication. With a next-generation solution, you could use a paired mobile device with biometric-fingerprint scanning to help authentication users. Alternatively, you could also use the mobile device as a token factor.
Regardless, what matters is that your enterprise recognizes that passwords can’t protect your data in 2021…or 2020, for that matter.
(As a side note, you should consider Single Sign-On to help reduce the number of logins your employees must perform during the work-day)
Limiting Breach Damage Through Identity Governance
At the heart of cybersecurity isn’t antivirus or secure logins, but visibility. The ability to see your network and IT environment clearly can effectively make or break your identity management; if you can’t see suspicious activity or potentially malicious events, then hackers could gain free reign of your business.
However, you also need visibility over your users and their permissions. Without this knowledge, if certain credentials end up in the wrong hands, you won’t know what areas hackers could potentially affect or hide in. Also, through visibility, you can understand what permissions your employees actually need and which they shouldn’t possess. The fewer permissions each employee possesses, the less damage those credentials can do in the wrong hands.
Identity Governance and Administration can help increase visibility over users’ credentials and permissions and help regulate and limit permissions. Further, it can help facilitate secure temporary permissions for brief projects, which may occur more often as enterprises adjust to remote workforces.
Protecting your privileged users will also matter in your identity management in 2021. If powerful credentials become compromised, your enterprise faces an uphill battle against hackers.
Visibility again matters in protecting privileged users, whether through session management or through visualization tools which can track a user’s activities in a coherent manner.
You can learn more about Identity Management in 2021 in our constantly updating Buyer’s Guide.
Latest posts by Ben Canner (see all)
- Findings: 2020 Gartner Magic Quadrant for Access Management - November 25, 2020
- What is the Future of Identity? An Interview with Amit Saha of Saviynt - November 24, 2020
- How to Protect a Transformed IT Infrastructure Through Identity Management - November 23, 2020