Deploying an identity security solution in your enterprise, regardless of your business's size or vertical, may end up one of the best decisions you ever make.
Why You Need Identity Security Strategies
A next-generation identity and access management solution can help your enterprise ward off cyber attacks or deter them from happening in the first place. It can lend confidence to your employees and your customers, encouraging better communications and more reliable transactions.
However, simply having an identity security solution doesn’t constitute a secure network. Instead, your business must ensure it has the right identity security strategies in place to take full advantage of your solution’s capabilities.
With that in mind, here are a few identity security strategies to consider for your business:
Monitor Your Third-Party Actors
If you have complete trust in your third-party vendors, applications, or partners, then you have what we term blind trust. Unfortunately, some of the largest and most devastating cyber attacks in history began with hackers gaining access to a third-party and using them as a stepping stone to their more lucrative target.
As just one example, the 2013 Target breach began with credentials stolen from the retailer's HVAC vendor; Target had given that vendor network access far beyond what its role required.
Therefore, you need to keep as close an eye on your third-party actors and applications as you do on your employees (non-human actors such as service accounts and integrations also have identities, and often carry unnecessary permissions). Selecting an identity security solution that promotes visibility and role management, such as identity governance and administration (IGA), can help. IGA lets IT security teams inventory actors, determine their permissions, and revoke the ones they don't need.
Indeed, this leads to the next of our identity security strategies.
Enforce The Principle of Least Privilege
The Principle of Least Privilege should supersede all other identity security strategies that contradict it; your enterprise shouldn't embrace any policy that carves out an exception to this rule.
The Principle of Least Privilege states employees and privileged users alike should only have the permissions and access they absolutely need to complete their job duties. Any more than that makes those credentials ideal targets for external threat actors or insider threats.
Your identity security solutions should help you enforce the Principle of Least Privilege. A privileged access management (PAM) solution can help you rein in the privileges attached to your employees' identities and monitor superuser credentials more closely for signs of abuse. PAM can also provide just-in-time access, a building block of a zero trust posture; not even the CEO should have access everywhere, all the time.
If this feels restrictive, IGA solutions can also grant temporary access on strict timers, so staff can help with special projects without keeping the permissions afterwards.
Move Beyond SMS-Based Two-Factor Authentication
This may prove one of the most confusing identity security strategies in this list, but it may also prove one of the most essential lessons of this article.
Two-factor authentication has enjoyed something of a renaissance in the last year. Enterprises have accepted that passwords alone are notoriously weak and easily compromised, so they often ask employees for a second factor, typically a one-time code sent by SMS to their mobile devices.
However, while SMS codes are convenient and better than a password alone, they may not offer enough security for your most sensitive assets.
Attackers have learned to interfere with SMS as a second factor. They can take over the phone number through SIM swapping, intercept the message in transit, or send a spoofed SMS that directs the employee to a look-alike login page, where both the password and the one-time code are captured and relayed to the real site before the code expires.
Your enterprise needs multifactor authentication (MFA) built on stronger factors to keep its most valuable credentials and databases safe. Two-factor authentication is simply the minimum form of MFA; what matters is the quality of the factors. Factors that bind the login to a hardware token and to the genuine site (FIDO2/WebAuthn security keys) resist phishing and relay attacks, so a stolen password alone gets an attacker nowhere.
These extra factors can include (but aren't limited to):
- Hard tokens (hardware security keys) and authenticator apps.
- Biometrics, both physical and behavioral (such as typing rhythm).
- SMS one-time codes, the weakest option on this list; acceptable as a fallback, not for privileged access.
- Context signals such as time of request, location, and device health. These are not factors in themselves, but they tell the system when to demand a stronger one.
Your access management or PAM solution can help your enterprise deploy and enforce these factors across your network. If you worry about employee adoption and potential workarounds, you can have the solution institute step-up authentication.
Step-up authentication allows employees and privileged users to enter the network with simple credentials, but as they request access to more sensitive assets they must provide additional authentication factors. This balances security and convenience.
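The step-up policy described above, as an added example that is not code from the original article or from any product it mentions. The factor catalogue, the strength scores, the three resource tiers and the business-hours window are all assumptions made for the illustration; the point is that a session which only holds an SMS code is never allowed to reach the crown-jewel tier, and that a context signal (an off-hours request from a privileged user) raises the bar rather than acting as a factor itself.

```python
from datetime import datetime, timezone

# Constructed factor catalogue for the example: each factor's category and a rough
# strength score. The ordering reflects resistance to phishing and relay: a password
# is assumed compromised at some point; SMS and app codes can be relayed by a
# real-time phishing proxy; a FIDO2 key signs a challenge bound to the genuine
# origin, so a look-alike site gets nothing it can replay.
FACTORS = {
    "password":  ("knowledge", 1),
    "sms_otp":   ("possession", 2),
    "totp":      ("possession", 2),
    "biometric": ("inherence", 2),
    "fido2":     ("possession", 3),
}
PHISHING_RESISTANT = {"fido2"}

# Assumed assurance requirements per resource tier (the tiers are an assumption).
REQUIREMENTS = {
    "public":      {"strength": 1, "categories": 1, "phishing_resistant": False},
    "internal":    {"strength": 2, "categories": 2, "phishing_resistant": False},
    "crown_jewel": {"strength": 3, "categories": 2, "phishing_resistant": True},
}
BUSINESS_HOURS = range(7, 20)  # UTC; a context signal, not a factor

# Two sample request times used by the demo below.
DAYTIME = datetime(2020, 10, 16, 10, 30, tzinfo=timezone.utc)
NIGHT = datetime(2020, 10, 16, 3, 0, tzinfo=timezone.utc)


def decide(session_factors, sensitivity, request_time, privileged=False):
    """Return ("allow", []) or ("step_up", [what the session still lacks]).

    session_factors: the set of factor names already verified in this session.
    A privileged user asking for anything outside business hours is held to the
    crown-jewel requirement regardless of the resource tier.
    """
    req = REQUIREMENTS[sensitivity]
    if privileged and request_time.hour not in BUSINESS_HOURS:
        req = REQUIREMENTS["crown_jewel"]

    present = {f for f in session_factors if f in FACTORS}
    categories = {FACTORS[f][0] for f in present}
    strength = max((FACTORS[f][1] for f in present), default=0)

    needs = []
    if len(categories) < req["categories"]:
        needs.append("a second factor from a different category")
    if strength < req["strength"]:
        needs.append(f"a factor of strength {req['strength']} or better")
    if req["phishing_resistant"] and not (present & PHISHING_RESISTANT):
        needs.append("a phishing-resistant factor (FIDO2 security key)")
    return ("allow", []) if not needs else ("step_up", needs)


if __name__ == "__main__":
    print(decide({"password"}, "public", DAYTIME))
    print(decide({"password"}, "internal", DAYTIME))
    print(decide({"password", "sms_otp"}, "internal", DAYTIME))
    print(decide({"password", "sms_otp"}, "crown_jewel", DAYTIME))
    print(decide({"password", "fido2"}, "crown_jewel", DAYTIME))
    print(decide({"password", "totp"}, "internal", NIGHT, privileged=True))
```

The decision is computed per request, not per login, which is what makes it step-up: the same session that was allowed into an internal wiki is sent back for a security key the moment it asks for a crown-jewel database.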
Onboard, Offboard, Secure
One of the most important identity security strategies your enterprise must adopt is proper onboarding and offboarding policies.
Offboarding best practices provide strictly security benefits. Once an employee leaves your enterprise, you must revoke their access and remove their account from the network promptly. Delay invites a retaliatory insider attack. Even in the best case, an account left on the network without an owner, an orphaned account, presents a weak spot in your digital perimeter.
By contrast, onboarding offers both security and workflow benefits. Making sure employees have only the access they need to complete their jobs certainly helps security. However, giving employees the permissions they need at the beginning also allows them to hit the ground running. The faster they can start, the faster you can benefit from their labors.
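The periodic access review that the third-party, least-privilege and offboarding sections all call for, as an added example that is not code from the original article or from any IGA or PAM product. The directory, role baseline, just-in-time grants and HR roster are constructed sample data; a real run would pull them from your identity provider, ticketing system and HR feed. The review flags entitlements that neither the role nor a live just-in-time grant justifies (for vendor and service accounts as much as for people), and flags employee accounts that HR no longer lists or that have gone idle.

```python
from datetime import datetime, timedelta, timezone

# All data below is constructed for the example: a small directory of human and
# non-human identities, the entitlements each role is supposed to carry, the
# just-in-time grants currently on a timer, and the HR roster of active staff.
NOW = datetime(2020, 10, 16, 9, 0, tzinfo=timezone.utc)

ROLE_BASELINE = {
    "hvac-vendor": {"bms:read"},                       # third party: building systems only
    "engineer": {"repo:read", "repo:write", "ci:run"},
    "payroll-batch": {"hr:read"},                      # non-human service account
}

IDENTITIES = [
    {"id": "hvac-vendor-svc", "kind": "vendor", "role": "hvac-vendor",
     "entitlements": {"bms:read", "pos:read", "ad:domain-admin"},
     "last_login": NOW - timedelta(days=3)},
    {"id": "alice", "kind": "employee", "role": "engineer",
     "entitlements": {"repo:read", "repo:write", "ci:run", "prod:ssh"},
     "last_login": NOW - timedelta(hours=2)},
    {"id": "bob", "kind": "employee", "role": "engineer",
     "entitlements": {"repo:read", "repo:write", "ci:run"},
     "last_login": NOW - timedelta(days=120)},
    {"id": "payroll-batch", "kind": "service", "role": "payroll-batch",
     "entitlements": {"hr:read", "hr:write"},
     "last_login": NOW - timedelta(days=1)},
]

# Temporary entitlements granted against a ticket, with a hard expiry (just-in-time access).
JIT_GRANTS = [
    {"identity": "alice", "entitlement": "prod:ssh",
     "expires": NOW + timedelta(hours=4), "ticket": "INC-1234"},
]

HR_ACTIVE = {"alice"}               # bob has left; vendors and services are tracked separately
INACTIVITY_LIMIT = timedelta(days=90)


def live_jit_grants(grants, now):
    """Map identity -> entitlements whose just-in-time grant has not yet expired."""
    live = {}
    for g in grants:
        if g["expires"] > now:
            live.setdefault(g["identity"], set()).add(g["entitlement"])
    return live


def review(identities, baseline, grants, hr_active, now):
    """Return {identity id: {"revoke": set, "disable": bool, "reasons": [...]}}.

    An entitlement is excess when neither the role baseline nor a live JIT grant
    covers it. An employee account is disabled when HR no longer lists the person
    (orphaned) or when it has been idle past INACTIVITY_LIMIT (stale).
    """
    jit = live_jit_grants(grants, now)
    findings = {}
    for ident in identities:
        allowed = baseline.get(ident["role"], set()) | jit.get(ident["id"], set())
        excess = ident["entitlements"] - allowed
        reasons = []
        if ident["kind"] == "employee" and ident["id"] not in hr_active:
            reasons.append("orphaned")
        if now - ident["last_login"] > INACTIVITY_LIMIT:
            reasons.append("stale")
        if excess:
            reasons.append("excess entitlements")
        disable = "orphaned" in reasons or "stale" in reasons
        findings[ident["id"]] = {"revoke": excess, "disable": disable, "reasons": reasons}
    return findings


def review_after(hours):
    """Run the review at NOW plus the given number of hours (lets you watch JIT grants lapse)."""
    return review(IDENTITIES, ROLE_BASELINE, JIT_GRANTS, HR_ACTIVE, NOW + timedelta(hours=hours))


if __name__ == "__main__":
    for when in (0, 5):
        print(f"--- review at NOW+{when}h ---")
        for ident_id, f in review_after(when).items():
            print(ident_id, "revoke:", sorted(f["revoke"]), "disable:", f["disable"], f["reasons"])
```

Running the review five hours later shows the just-in-time mechanism doing its job: alice's `prod:ssh` entitlement, legitimate while the ticket's grant was live, becomes excess and is queued for revocation without anyone having to remember to remove it.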
Follow Password Security Best Practices
We've written about password security numerous times in the past, and we appreciate that it must feel repetitive to some degree. We repeat ourselves because we recognize its importance: passwords remain the most common way users interact with and assert their digital identities.
Passwords may not be inherently secure, but following best practices can help them become stronger protections. Therefore, following password security best practices should stay at the top of your identity security strategies.
The most common and best advice about passwords includes:
- Don't share passwords, ever.
- Don't reuse passwords across accounts, ever.
- If any service where an employee holds an account is breached, that employee should change the password there and anywhere else it was reused.
- Passwords should be long and hard to guess; length does more for strength than forced complexity rules.
- Don't write passwords down where others can find them; a password manager is the safer way to keep a unique password for every account.
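The reuse and breach checks from the list above, enforced at the point where a user sets a password, as an added example that is not code from the original article. The breached-password corpus here is a constructed stand-in; in production you would query the Have I Been Pwned range API with the first five hex characters of the SHA-1 hash and compare the returned suffixes locally, which is what the offline lookup simulates. The minimum length and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a breached-password corpus, stored as upper-case SHA-1
# the way the Have I Been Pwned range API exposes it. Only the hash prefix would
# ever leave your network; the comparison happens on your side.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("password", "password123!", "letmein", "Acme2020")
}
MIN_LENGTH = 12            # assumption; favour length over forced complexity
PBKDF2_ITERATIONS = 100_000


def breached_suffixes(prefix):
    """Simulate the k-anonymity range query: suffixes of breached hashes sharing `prefix`."""
    return {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix)}


def is_breached(password):
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in breached_suffixes(digest[:5])


def hash_for_storage(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; the (salt, digest) pair is what you keep, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def was_used_before(password, history):
    """True if the candidate matches any (salt, digest) pair in the account's history."""
    return any(
        hmac.compare_digest(hash_for_storage(password, salt)[1], digest)
        for salt, digest in history
    )


def check_password(password, history=()):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if is_breached(password):
        problems.append("appears in a known breach")
    if was_used_before(password, history):
        problems.append("reused from this account's history")
    return problems


if __name__ == "__main__":
    history = [hash_for_storage("correct horse battery staple")]
    for candidate in ("password123!", "correct horse battery staple",
                      "purple-otter-quarry-lantern-41"):
        print(repr(candidate), "->", check_password(candidate, history) or "ok")
```

The history check only catches reuse within one account; reuse across unrelated services, which is what credential stuffing exploits, can only be prevented by the breach check and by a password manager that makes unique passwords painless.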
These identity security strategies only scratch the surface of what your enterprise should consider. For more, you can download our free Identity and Access Management Buyer’s Guide.
By Ben Canner