Using the Human Element theme: “We are the human element in cybersecurity” – RSA kicks off Feb 24 – 27, 2020 in San Francisco. The shift in cybersecurity is quickly changing from the perimeter to the person. As Richard Bird from Forbes says, “Identity is not the new cybersecurity perimeter — it’s the very core.”
Remote work and other developments call for a shift to managing people rather than devices. Understanding what an individual has access to, how access was granted and why they have access is paramount to security-first cultures. Shifting from on-premise IT architectures to cloud and hybrid architectures change not only how cyber attackers can gain entry from weak external controls causing data breaches but also how they gain entry from the inside. In this new cloud-first world, all a hacker must do is get one person in an organization to click a link and its game over.
Cloud initiatives are driving strategic investments and promoting faster time-to-market deliveries. Organizations need to understand that multi-cloud solutions will inevitably happen. The SANS 2019 Cloud Security Survey pointed out more organizations are moving data and applications to the cloud:
- 76% of respondents have business applications and data in the cloud
- 47% of respondents use server virtualization.
Whether through application purchases, mergers, and acquisitions, or even divestitures – the dynamic world of the cloud needs to have a simplified method to assure governance in near real-time to ensure compliance with your policies and provide for a dynamic environment.
We also know cybersecurity risks move right along with migrations. As organizations evolve their business operations, cyber attackers evolve their threat methodologies as follows:
- 49% account or credential hijacking
- 42% misconfiguration of cloud services and/or resources
- 39% privileged user abuse
- 31% unauthorized (rogue) application component or compute instances
Governance of multi-cloud-based initiatives needs to be nimble to effectively manage the rapid adoption of change. Five key areas need to be addressed.
1. Effective management of joiners, movers and leavers
A consistent approach to managing Joiners, Movers, and Leavers (JML) is fundamental to understanding how effective multi-cloud environments and implementations work. If JML and their assigned permissions are managed ad-hoc, you have a significantly high risk, a lot of extra legwork, and will be fixing corrective actions later. Establishing visibility to cloud environments will enable you to understand what risks are identified and have a way to proactively mitigate them.
2. Establish continuous compliance controls standard
Utilize continuous compliance of controls to meet standards. Apply your access control sets to cloud environments. Meet Internal ITGCs, regulatory controls, or customer contractual controls as you build and deploy. As you deploy, make sure you are thinking ahead about meeting auditing requirements. This is a continual process focused on multiple conduit interface access risks, including management consoles, APIs, and command-line interfaces.
3. Use risk analytics for SEIMS, SOC, IR
Provide Risk Analytics and corollary support to systems such as your SEIMs, SOC, and Incident Response programs. Collect measurements: the number of containers and identities used. Enhanced identity analytics turn those measurements into metrics. The hub of identity information should be accessible by the people and systems that are providing additional context. The ability to efficiently import and export critical activity is key to providing analytical insight.
4. Easy simple centralized dashboard
For ease of use and centralized visibility, a single dashboard enables you to see what is changing in your environment. Easily pivot from viewing fine-grained entitlements for a user’s access to viewing who else has those entitlements to be able to make informed actionable decisions. These types of correlations need to dynamically scale to meet the business requirements of time-to-market demands, and not impede the business. Leveraging intelligent identity at scale upfront can provide insight and prevent future disruptions.
5. Improved security
Actionable results truly enable improving security. Having detective visibility is part of the foundation but being able to take the next step and make corrective and preventative changes is what makes the solution more secure. The ability to see what are allowed actionable events drives the culture of security first organizations.
WHY SAVIYNT? INTELLIGENT ACCESS. SMARTER SECURITY
Saviynt starts with people – who they are and what applications they need – to create a holistic set of identities across the cloud ecosystem. Our approach enables customers to govern all identities access from cradle to grave, providing continuous visibility of access to enforce internal controls that align with regulatory and industry-standard mandates. Saviynt’s cloud-native platform offers flexible deployments, including on-premises only or hybrid/cloud to match your hybrid ecosystem identity needs.
Our suite of solutions enables you to create a holistic approach to IAM that enables you to mature your cybersecurity posture by securing your identity perimeter.
For more information about managing an identity-centric security strategy, please contact us for a demo today.
