Identity and access management (IAM) solution providers are in the thick of the daily cybersecurity crises of the times. Data breaches, stolen credentials, insider threats—IAM vendors work tirelessly to detect and mitigate these threats as quickly and effectively as possible. Therefore, we here at Solutions Review like to read through their blogs, as their posts are like digital war correspondence. They have a hands-on insight impossible to get anywhere else.
Our subject this week is Texan identity and access management vendor Identity Automation. Here are the key findings we found from their blog posts from Q1 of this year:
We’ve written extensively on the omni-present cybersecurity staffing crisis, and it isn’t just on our minds: solutions providers throughout the world are more than a little worried about the skills gap. According to Identity Automation 45% of enterprises already report a shortage of cybersecurity expertise in their workforces, and that the industry workforce gap is on track to reach nearly 2 million in 4 years. Enterprises have had to scramble to find any sort of talent at all.
The shortage has prevented enterprise cybersecurity teams from fully learning the technology or tools they need to do their jobs effectively, allowed security breaches to occur unchallenged, and sapped confidence in their abilities. Identity Automation claims that an IAM solution can actually help alleviate these issues through automating password rests and identity lifecycles. IAM solutions can even delegate permissions management to employees’ direct managers, taking advantage of the staff your enterprise already has to take stress off your IT team.
Identity Automation feels much the same way we do here about passwords; namely, they’re a serious attack vector more likely to be the cause of a data breach than a factor in preventing it. In fact, 81% of breaches can be traced to poor password management.
This post debunks some common myths about passwords. As just one example, longer and more complicated passwords are not necessarily more secure from hackers’ cracking technology. As another, mandating frequently changing passwords can push employees to using weaker passwords that are much easier to guess. Even a perfect password policy can’t secure your enterprise entirely; phishing attacks can still steal them. A multifactor authentication solution will be much more effective.
Once you’ve convinced your board of directors, CEO, or otherwise reluctant purse-string holder of the need for more investment in cybersecurity, where should the money go? What will give you the most security? Identity Automation suggests three key areas of investment: multifactor authentication, identity-related automation, and identity governance and compliance. By investing in these, your enterprise is simultaneously investing in better overall digital security, improving efficiency while decreasing IT team stress, and averting future costs, respectively.
They also suggest how much to invest: 15-20% of your IT budget should go to cybersecurity in order to keep up with the deluge of threats both external and internal.
Insider threats do not always stem from your own employees or even from within your own enterprise. Third-party breaches have caused millions of dollars in financial damage and a yet-unknown amount in reputation damage. 63% of global breaches are linked to third-parties. Yet outsourcing, especially IT outsourcing, will only become more necessary and more widespread in the digital future.
Identity Automation suggests you deploy dedicated controls for third-party access. If your legacy IAM solution doesn’t support it, as many don’t, it is definitely time to consider an upgrade. You need a solution with the fine-grain controls and PAM capabilities to handle the demands of modern third-party IAM demands.