An identity data breach can tarnish your enterprise’s reputation for years to come. It can cause a significant and permanent drop in your customer base, add hefty legal fees to your expenses, and could result in future identity data breaches as stolen credentials are turned against your network.
As an enterprise leader, you need to take your identity management seriously. An essential step in doing that is staying up-to-date on the latest identity security best practices. In that spirit, we here at Solutions Review have compiled some of our findings on the new ways to take your identity management seriously. They include:
Keep Your Mobile Devices Secured—Digitally and Physically
One of the biggest challenges to modern identity management is the bring-your-own-device (BYOD) cultural revolution. In many ways, it has proved a boon to enterprises’ productivity and communication, while simultaneously providing employees with a more comfortable working experience. However, at the same time, it has created new security risks. Having so many devices logging into your networks from outside your IT perimeter can prove a challenge if you intend to take your identity management seriously.
In part, this means making sure that your employees’ mobile devices are secured with your identity and access management solution and with the proper authentication protocols. If necessary, update your IAM solution to accommodate the surge in connected devices.
Employees should be required to log into your network from scratch, even from recognized devices. Although recognized devices can be part of your multifactor authentication scheme, they should be only one part of such a scheme. Your enterprise should also forbid your employees from saving their enterprise passwords on their devices, as it is too easy for hackers to obtain those credentials should they ever gain access to the device.
However, securing your mobile devices also means protecting the physical mobile devices in the analog world. If your enterprise gives out mobile devices to your employees as part of their roles, make sure they treat those devices carefully and that each has some kind of tracking program or device embedded in it. A recent article from identity and access management solution provider Centrify mentioned that 26,000 lost mobile devices were discovered on London’s public transportation. Furthermore, they noted that this figure only accounts for devices returned in good faith, not for any that were stolen outright.
Your enterprise, therefore, needs to consider implementing emergency procedures for when a corporate mobile device is lost or stolen so that it is rendered useless to hackers, even at the cost of the device itself. With the right technology, hackers can easily crack into these devices and skim your employees’ credentials, which can put your whole enterprise at risk. It may be better to lose some progress than to compromise your digital assets.
Identity Management Must Start Top Down
This is a rule that applies to cybersecurity overall, but identity management is in a unique transitional period in relation to digital security.
According to Ping Identity’s Founder and CEO Andre Durand, identity management is about to subsume and incorporate cybersecurity utterly. According to a recent Deloitte Insights survey of CIOs (chief information officers), only 10% of CIOs said that cybersecurity is a top business priority and less than 35% said good cybersecurity was part of the cost of doing business. Market reports suggest that less than 10% of enterprises’ cyber budgets are earmarked for identity management.
From a security perspective, these findings are unacceptable. If your enterprise intends to take your identity management seriously, it can’t be something that you relegate to your IT security team. Your employees will follow the example of your executives and managers in how they protect their identities and manage their passwords, so your executives need to set the best example possible.
Have your executives demonstrate the steps they take to protect their digital identities in their everyday business processes as part of your security training. Employees are more likely to follow identity best practices if they can put a real, recognizable face to the practices rather than thinking about them in the abstract. Relatedly, your executives should attend your security training sessions to demonstrate that they take security seriously. As an added bonus, they might learn something about their identity security.
One of the new ways to take your identity management seriously is to build a corporate culture where security is a top priority. Speaking of which…
Identity Management Means Identity Hygiene
One of the most obvious ways to take your identity management seriously is to invest in and maintain your IAM solution to make sure you have the most up-to-date and upgraded version of your solution possible. Legacy identity solutions are no longer adequate for protecting the modern enterprise against threat actors, either external or internal. As difficult as the transition might be, and as comfortable with your particular legacy solution as you might be, you need to assess your digital defenses honestly. If they are no longer adequate, you must adapt.
However, part of this adaptation is informing and instructing your employees about your updated IAM solution and reinforcing its use. As we implied before, you should be regularly training your employees in IAM best practices, and some of those practices need to relate to the actual solution your enterprise uses. If your employees don’t understand your identity security fully, they will become bogged down in trying to work with it. Worse, they could develop convenient subversions to your identity solution that could compromise your entire network.
Emphasize to your employees just how important following the proper protocols is to their safety, and make sure they can follow the protocols in the course of their daily routine. Work with your IT security team to smooth out rough spots or work with employees who are struggling to help them develop safe strategies. Show them why you take your identity management seriously. If they understand, they will follow.