Now that we’ve tackled supporting our people by giving them the knowledge to avoid being tricked into sharing information or access, let’s move on to how we can help them securely manage that information, so that it’s not available to attackers through means beyond their control.
While a well designed and implemented identity management solution can have significant operational benefits (reduced duplication, easier integration, less time wastage, etc.), it is more importantly, a key element in an organisation’s security posture, addressing risk and improving the security outcome. Importantly – in the context of this article, we’re using the word “identity” exclusively to describe a user or a user’s account. We’re not talking about the identities of applications, systems, and other interconnected pieces – not that these are less critical, just that we’ll get to those in a future edition.
1. Centralise your identity stores.
Wherever possible, making sure that there is just one “source of truth” when it comes to storing and maintaining information on people, their identities, and their credentials, and how those things are used, reduces the chances of that data being manipulated or breached. Secondary or duplicate storage areas give rise to stale data, which can fly under the radar of awareness and quickly become a weakness in your security posture. Information that is not being kept up to date can easily be excluded from important security checks, and even data that is maintained but done so manually has the potential to be missed.
Centralised and automated data is more likely to be current and protected and reduces the chance of orphaned repositories and simple authentication, which can often eventuate due to people becoming lazy when they need to manage data in multiple locations.
Core systems such as Microsoft’s AD and Azure AD are increasing their capabilities to be used in this capacity, but for more complex requirements there are many other technology options in the market – ranging from specialized identity stores, to solutions which encompass the full identity, privilege, authentication, and access range of requirements.
2. Multi-Factor Authentication (MFA)
MFA is one of the most effective ways to protect against unauthorised access to your organisation’s valuable information and accounts, typically requiring a combination of something the user knows (pin, secret question), something you have (card, token) or something you are (fingerprint or other biometrics). The added layers of multiple proofs of information make it more difficult for attackers to gain access.
Another branch of MFA is Adaptive Authentication, which looks at the behaviour of a user when authenticating and analyses the context to understand the level of risk associated with the login attempt. For example, the time and location of the login or the network and device that is being used. Conditional Access Policies, deployed as part of Microsoft’s identity and access suite is a great example of how this can work in conjunction with MFA policies to apply a robust yet secure solution.
Supporting your people by equipping them with the right knowledge and awareness around cybercrime is vital, but it must be bolstered by a dependable set of technology-based checks and balances. Cyber criminals make it their business to invent new ways to confuse and manipulate users, therefore ensuring you have these critical programs and security systems in place will reduce your organisations risk and bring confidence to your people and customers.