Re-Thinking Identity and Access Management (IAM) with a Zero Trust Based Approach.


The Covid-19 pandemic has pushed most organizations to embrace the digital imperative. The world has become a connected digital economy, with more focus placed on speed, agility, interoperability and security. The physical and virtual worlds have become more and more entwined, coming together in some way facilitated by one’s identity. The gap between the physical and digital is bridged by your identity. It all starts when one “logs into” their banking application to buy an electricity token or top up their mobile, or when you “sign in” to watch a movie on Netflix.
Challenges arise when you enter the virtual world, including:
• Identity Assurance (Trust) – Is the user who they claim to be?
• Access Assurance – Who has access to what?


The Rise in Identity Theft
The Covid-19 pandemic has created a breeding ground for scams, fraud and identity theft. Switching between the physical and digital world is breeding the crisis of identity theft. The world is witnessing a surge in cyberattacks leveraging stolen identities. The security landscape has completely shifted since the pandemic; as such, businesses need to be able to support a long-term hybrid workforce going forward. Identity management has inevitably become a key component in keeping an organization’s Information Technology infrastructure secure.
Breaches targeted at individuals have exposed so much personally identifiable information (PII) that it is quite easy for hackers to use our identities against us. Organizations should ensure that Identity and Access Management (IAM) solutions are front and center during IT security strategy discussions. IAM addresses questions such as “Do the right employees have access to the correct resources, with an appropriate confidence level of access?” Without this, organizations run the risk of cybercriminals exploiting their IAM weaknesses, which can adversely affect their businesses and ultimately become an embarrassing headline on social media and in the news.
Identity and Access Management as a Control Point for Authentication
The rising tide of compromised credentials calls for security leaders to re-think their Identity and Access Management strategies. One way to address this is through an intelligent roll-out of multi-factor authentication (MFA) solutions, placing emphasis on IAM as a control point for authentication. It does not end there, however: organizations should also endeavor to leverage data-aware cybersecurity solutions to deal with an adversary who might be an insider threat, by preventing actions such as copying, moving or deleting data on critical systems.


Zero Trust Approach
A Zero Trust approach is a multidimensional approach that puts security everywhere, so we can have trust everywhere. Infusing security into every service, operation and transaction, every time, allows an organisation to build trust in its digital ecosystem. The objective is to insulate critical assets and data from compromise. A Zero Trust approach with a focus on wrapping security around every user, every device, and every connection should be adhered to religiously. This approach can help organisations protect their most valuable assets and proactively manage threats.
It is imperative to understand that a modern enterprise should securely connect its users to the resources they need by:
• Limiting the number of passwords employees need to create, remember and manage.
• Leveraging single sign-on (SSO) to platforms and applications.
• Desisting from a sole reliance on passwords.
• Using passwordless authentication methods wherever possible.
• Deploying modern verification methods such as multi-factor authentication (MFA).


Conclusion
Business and IT security leaders should understand the importance of identity management and its key components, including Identity Governance, Identity Life Cycle and Access Management. A Zero Trust approach is the next frontier, which combines access with the ability to understand how it is used. Great emphasis should be placed on the dangers of not properly securing identities and access credentials. Guidance should be provided to users to ensure that their online identities are protected through security awareness, best practices and readily available technologies. Implementation of robust, identity-based solutions for securing critical data and applications should be accelerated. Modern methods that focus on controlling access and monitoring usage of access with a Zero Trust based approach can help your organisation to effectively secure access to your critical assets, “the crown jewels” core to your business operations.

If you have any questions, please do not hesitate to contact me at inno.mapanga@live.com

Innocent Mapanga
Regional IT Infrastructure & Security Lead
