As is our tradition at Solutions Review, we like to take a few moments every fiscal quarter to review the blogs of the top identity and access management vendors in the field. These providers are the boots on the ground in the fight against hackers, insider threats, and malicious nation-state actors. Therefore, their insights can tell us about the present and future of IAM.
This week we dove into Hum@n, the blog of Atlanta, Georgia-based IAM solution provider Simeio. We looked at their posts from Q1 2018 and a little before that to get their take on the identity market and on enterprise threats. Here’s what we found:
If your enterprise is in any way involved in healthcare, then you should know that cybersecurity isn’t just a matter of data privacy—it can be a matter of life and death. After all, if a patient doesn’t trust their healthcare providers with their personal information, they may withhold valuable information essential to an accurate diagnosis. Simeio notes that personal healthcare information can fetch a good price on the black market or be a component of blackmail against providers. Simeio also notes that patients could always refuse to share personal information critical to their diagnosis.
Simeio recommends that healthcare identity authentication controls be balanced between too much and too little to reassure patients. Too much IAM can prevent crucial actors in healthcare enterprises from accessing information vital for their job functions and put them under even more dire time constraints than they already face.
This post from Simeio actually disagrees with our previous exploration of blockchain technology in identity and access management. Simeio contends that blockchain can maintain consensus over facts and prevent underhanded dealings across disparate enterprises. The IAM solution provider notes that the anonymity that blockchain can facilitate, as evidenced by the proliferation of anonymous cryptocurrencies, may provide a path for more secure IAM.
Simeio also notes that not all identity data can or should be stored via blockchain due to inherent scaling issues, but blockchain can be a gamechanger in storing administrative controls. Simeio points out that blockchain can be an asset to enterprise IAM but may not be necessary in environments that truly trust their employees.
The overarching theme of this post is that problems arise when you only rely on one authentication factor in your IAM platform. Single-factor authentication allows more hackers to fake legitimate credentials and infiltrate your network via false positives while punishing legitimate users with false negatives.
Simeio notes that the best facial biometric authentication tool is 99.5% accurate—an accuracy rate that can be pushed closer to 100% with the simple inclusion of another authentication factor. Biometrics are not deterministic measures and therefore cannot or should not be used on their own, but they create reassurance in the authentication process.
Finding talent to run your identity and access management or identity governance and administration solutions is a daunting prospect. Simeio found that it can take an average of 8 to 12 months to fill a single IAM vacancy.
Simeio suggests checking whether your job postings reflect the reality of the job and treating your employees well to build a good reputation among potential recruits. Additionally, focus on building interest in your company’s cybersecurity positions early on so that you can fill gaps faster. Consider mid-career level professionals for vacancies, or consider outsourcing to a third-party IAM vendor.
Among its suggestions, Simeio highlights the importance of focusing IAM on roles rather than individual people, so that permissions align with jobs and what they need to function properly. This will prevent permissions creep due to personnel changes or movement. Simeio also recommends improving authentication (moving from single factor to multi-factor) and embracing the principle of least privilege—giving users only the permissions they absolutely need to do their jobs and no more.
Simeio predicts that IAM spending will reach $20.87 billion by 2022. Streamlining your IAM is more essential than ever if you want to get your money’s worth. 81 percent of breaches leveraged weak or stolen passwords and 25% were the result of insider threats. So use your IAM solution to focus in on your internal digital security, take steps to protect your cloud activity, and convince your enterprise’s influencers to get aboard IAM security.
The greatest vulnerability is rarely found outside the enterprise. Instead, it is your employees. 74% of enterprises feel vulnerable to insider threats, and for good reason: 65% of data breaches involved employee or contractor negligence. Deploying an access governance solution can reduce the risks involved with insider threats, according to Simeio.