Story image

Seven ways identity and access management can take the edge off data risk

02 Nov 2017

Data breach reporting regulations are becoming commonplace in many countries including Australia and as a result, organisations need to increase their identity and access management (IAM) maturity.

According to Centrify, the risks arising from breaches and breach reporting can be reduced if organisations take action.

Reported data breaches could damage both shareholder and customer loyalty – you only need to look at how Verizon slashed its offer to acquire Yahoo.

“A breach can wipe out company value, as we saw it with Yahoo!’s acquisition price devaluation of $350 million after its data breaches were announced,” comments Centrify’s senior director of APAC sales, Niall King.

“A recent Ponemon research study found that stock prices fall an average of five per cent and customer churn can increase as much as seven per cent after a data breach is disclosed. The stakes for properly securing access to corporate resources and handling security incidents couldn’t be higher.”

Another study by Forrester Consulting found that two thirds of organisations have been breached in the last five years. Those without a mature IAM approach experienced twice as many breaches and around $5 million more in costs.

To help organisations improve their cybersecurity defences, Centrify outlines seven best practices:

- Consolidate identities: According to Verizon, 80 per cent of breaches are due to compromised credentials. It’s critical to develop a holistic view of all users and strengthen and enforce password policy, or eliminate passwords, where possible

- Enable Single Sign-On (SSO): Single Sign-On to enterprise and cloud apps, combined with automated cloud application provisioning and self-service password resets, cuts helpdesk time and cost, and improves user efficiency

- Implement Multi-Factor Authentication (MFA) everywhere: Multi-Factor Authentication, including third parties and the Virtual Private Network (VPN) that adapts to user behaviour, is widely acknowledged as one of the most effective measures to prevent threat actors from gaining access to the network and navigating to target systems

Audit third party risk: Outsourced IT and third party vendors are a preferred route for hackers to access corporate networks. Conduct audits and assessments to evaluate the security and privacy practices of third parties

- Enforce least-privilege access: Role-based access, least-privilege and just-in-time privilege approval approaches protect high-value accounts, while reducing the likelihood of data loss from malicious insiders

Govern privileged sessions: Logging and monitoring of all privileged user commands makes compliance reporting a trivial matter and enables forensic investigation to conduct root cause analysis, and

- Protect the inside network: Network segmentation, isolation of highly sensitive data and encryption of data at rest and in motion provide strong protection from malicious insiders and persistent hackers once inside the firewall.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.