Once again we at Solutions Review return to our recurring series of reading through the identity and access management blogs of major solutions providers for their key findings and best practices. After all, no one knows the direction of the industry or the most worrisome threats better than those on the front lines of the digital battle. This time the identity and access management blog of interest belongs to Californian vendor Okta. We read their most compelling authentication blog posts, including:
March—Women’s History Month—may be over, but gender issues in cybersecurity raised in March persist every day of the year. Lorraine Costello’s Okta blog post highlighted some key statistics about the depths of this disparity and what it means for gender equality overall as technology is the fastest-growing job market in the U.S. and is one of the best paid fields.
The statistics Costello and Okta share show a fundamental disconnect between men and women in the perception of women’s positions and growth in cybersecurity. As just one example, 63% of men say their enterprise is taking steps to address the gender disparity in cybersecurity, but only 49% of women said the same.
Encouraging and accepting more women in cybersecurity isn’t just about equality—although that should be a powerful motivating factor—it’s also about creating the most comprehensive and secure cybersecurity solutions via different perspectives.
Okta acknowledges that digital transformation and cloud adoption can offer huge benefits to enterprises of any size, but with the caveat that identity security and incident response can suffer in the new IT environment.
A typical incident response tends to have four major components: information gathering, incident containment, threat removal, and damage assessment. For a compromised employee or privileged access identity, information gathering involves determining whose identity it is, what their permissions are, what systems they’ve accessed recently, and what they did with that access.
Under a normal system, role-based controls, multifactor authentication, and audit logging can help enterprise IT security teams collect that vital information quickly and determine if the digital identity has been compromised. On the other hand, under a cloud system IT teams suffer from a much looser grip on their security options. Cloud providers’ SaaS platforms don’t offer nearly the same suite as an identity and access management solution; combined with the large number of cloud identities employees can have, the time security experts spend gathering information can increase significantly, along with threat dwell time.
According to Okta, deploying an IAM or PAM solution with a centralized digital identity directory system, single sign-on, multifactor authentication, and cloud integration capabilities is essential to improve incident response time and keep a close eye on your identities.
Okta agrees with us: passwords just don’t cut it anymore. The old identity security paradigm of single factor authentication is insufficient to protect your employee and privileged access credentials in the modern threat age. Passwords by themselves are vulnerable to:
- Easy cracking or guessing
- Password spraying
- Phishing and spearphishing theft attacks
In contrast, two-factor authentication (2FA) requires two forms of identity verification data before allowing users to access enterprise applications or systems. 2FA often combines a password with a hard token or an SMS sent to a user’s mobile device. It requires hackers to spoof whatever the second factor is in order to crack the employee’s or privileged access user’s credentials—stopping or discouraging an attack.
Multifactor authentication, according to Okta, is basically two-factor authentication with more flexibility in which second factor is required: hard token, SMS, biometric, geofencing, etc. Deployed properly, it shouldn’t disrupt the end user experience as some enterprises fear. Which factors are required can even be based on roles, with more severe authentication factors required of privileged access users or to access privileged data.
Okta argues that current identity security trends mandate authentication as a process rather than as an event to prevent session imposters, credential stuffing, and phishing attacks.
In that vein, continuous authentication continually reevaluates if the user logged in is still the user that initially logged in. The solution makes this determination based on users’ behavior, location, time of day, and the length of their session, and will ask them for new authentication factors if certain suspicion thresholds are met. Enterprises can set their own individual thresholds for what constitutes risky behavior or factors.
Among old favorites phishing and spearphishing and newcomer man-in-the-middle attacks, Okta introduces readers to much more insidious threats including credential stuffing—a brute force attack in which already compromised credentials are used on other websites to see if something clicks. Also included is password spraying—essentially the opposite of credential stuffing, where the most common passwords are applied by a hacker to different accounts and usernames to see what sticks.
Both can be prevented by simply deploying an extra step to authentication, forcing hackers to work that much harder to reach your enterprise’s data. This often means that hackers either can’t crack your employee’s credentials or will simply give up and look for an easier target. Either way is better for you.
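The two patterns described above look different in failed-login data: spraying reuses a few passwords across many accounts, while stuffing tries a different leaked pair per account. The following Python detection logic is an added example, not from Okta or the original article; the event fields, the password fingerprint (an assumed keyed hash of the attempted password), and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real logs): failed logins as
# (source_ip, username, password_fingerprint). The fingerprint is an
# assumed field: a keyed hash of the attempted password, so identical
# guesses can be grouped without storing the password itself.
EVENTS = [
    # One source, many accounts, almost always the same guess.
    ("203.0.113.10", "alice", "fp-1"),
    ("203.0.113.10", "bob", "fp-1"),
    ("203.0.113.10", "carol", "fp-1"),
    ("203.0.113.10", "dave", "fp-1"),
    ("203.0.113.10", "erin", "fp-1"),
    ("203.0.113.10", "alice", "fp-2"),
    # One source, many accounts, a different guess for each account.
    ("198.51.100.7", "frank", "fp-10"),
    ("198.51.100.7", "grace", "fp-11"),
    ("198.51.100.7", "heidi", "fp-12"),
    ("198.51.100.7", "ivan", "fp-13"),
    # A single user mistyping their own password.
    ("192.0.2.44", "judy", "fp-20"),
    ("192.0.2.44", "judy", "fp-21"),
    ("192.0.2.44", "judy", "fp-22"),
]


def classify_sources(events, min_accounts=4):
    """Label each source of failed logins by the pattern it matches."""
    accounts = defaultdict(set)      # source -> usernames targeted
    fingerprints = defaultdict(set)  # source -> distinct guesses tried
    for source, username, fingerprint in events:
        accounts[source].add(username)
        fingerprints[source].add(fingerprint)

    verdicts = {}
    for source, users in accounts.items():
        n_accounts = len(users)
        n_guesses = len(fingerprints[source])
        if n_accounts < min_accounts:
            # Too few accounts involved to call it a campaign.
            verdicts[source] = "normal"
        elif n_guesses * 2 <= n_accounts:
            # Few passwords spread across many accounts.
            verdicts[source] = "password_spraying"
        else:
            # Roughly one distinct password per account.
            verdicts[source] = "credential_stuffing"
    return verdicts


if __name__ == "__main__":
    for source, verdict in classify_sources(EVENTS).items():
        print(source, verdict)
```

Grouping by source address alone misses campaigns spread over many addresses, so the same counts are worth computing per time window across all sources as well.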