Twas the week before Christmas and all through the Net,
Bad actors were hunting for credentials to get.
The villains had started by scanning the Cloud,
In hopes that vulnerabilities soon would be found.
A phishing email through the filter had slipped.
A bleary-eyed worker on the link somehow clicked.
His outdated permissions as admin still stood,
Despite having left that department for good.
’Cross town, on a nightstand, a cellphone did clatter.
The CISO, he grumbled, “Now, what’s the matter?”
The malware infected servers like a flash,
Tore through the network, into memory cache.
The admins were calling ’bout lights all aglow.
The users were griping “the network is slow!”
Shocked, the poor CISO sat straight in his bed.
“It’s encrypting the drives!” the sysadmin said.
With ransomware, there’s no easy trick.
“I hope we have backups,” he said, feeling sick.
He dialed the number of a friend and mentor.
She answered. He shouted and vented to her:
“The Network! The Systems!
Our data’s encrypted!
No, Website! Or Sharepoint!
Our users evicted!
Our production’s been stopped!
Our production’s been stalled!
I need your advice, please!
That’s why I’ve called!”
“You’re in quite a fix, my good friend, I do fear.
It seems that this incident has made one thing clear.
Modern security should include IGA.
Identity’s the perimeter we use today.
Just listen, my friend, while I offer you proof
How our company prevents this type of goof.
Let me tell you a tale of what just happened here,
We partnered with Saviynt at the start of last year.
When COVID first started, from the office we fled.
All our workers were off-site then, much to my dread.
Their engineers promised, we’d not see a hack,
Because Enterprise Identity Cloud had our back.
In quiet home offices, employees sat toiling,
Unaware that Cloud PAM was deployed and foiling.
The network was locked down, or so we all thought.
But then some credentials from the Dark Web he bought.
We told them, ‘Don’t reuse passwords,’ time after time.
And some of them listened. Well, some of the time.
To a few of those passwords, our systems were matched.
With no standing privilege, not much could be snatched.
Not one to be thwarted, he requested access.
Analytics then deemed the permissions excess.
It then escalated for human approval,
But the risk rated high so they sent a refusal.
He tried it again and it triggered alerts.
So we locked that account and booted the jerk.
Now all of our admins are in Christmas mode.
Configuration was easy — it required no code.
The lesson, my friend, that you should take from this:
IGA’s an investment that helps lower your risk.”
He sighed and he whispered, “I guess you are right.
If we had partnered with Saviynt, I’d be sleeping tonight.”