The Importance of Identity Management in Security

It’s ever more challenging in today’s work-from-anywhere world to prevent cybersecurity breaches. And while all organizations work hard to prevent attacks through traditional security measures such as multi-factor authentication, patching, training, and more, the bad guys increasingly find their way in through poorly thought-out, scattered access and identity management practices. The solution, we’ve seen in discussions during CIO roundtables, seminars, and dinners, is to adopt a privileged access identity management approach. 

When your access and identity processes and technology are improperly managed, you might as well hang a sign outside the door: “Come On In”. And once a bad actor hijacks someone’s (or something’s) real identity to enter, they can use that access to move north-south and east-west across networks to steal, manipulate, or hold hostage data, sensitive information, and critical business applications. They can falsely approach vendors, partners, customers, and consumers. In the process, risk levels increase, reputation plummets, and operational efficiency is severely compromised.

Privileged access management (PAM) should define the set of rights you give to every single contractor, employee, partner, and vendor. A well-implemented PAM program helps protect organizations against cyberthreats by monitoring, detecting, and auditing unauthorized privileged access to critical resources. 

But PAM should not be implemented willy-nilly on some resources, platforms, users, or types of devices and not on others. Enterprises should adopt holistic, integrated solutions that give them the visibility to discover, on-board, manage, and audit any user or device by role, function, persona, time, or location.

PAM takes many forms. Some companies prefer to give access to individual PCs, tablets, and mobile phones. But per-device privilege is a red herring. What if the device is stolen and hacked by a nefarious actor, or even used incorrectly by a coworker?

A better approach is to manage access by name, function, role, assignment, or persona. It’s also critical to place time-based or geography-based parameters on identity and access. For example, I may be working on a project for 10 days. Or I’m temporarily filling in for my boss and her other management responsibilities. Or I’m a financial analyst with access to sales and fulfillment data, but only for my investment company’s upper Midwest region.
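As an added illustration (not part of the original article), the Python sketch below evaluates access from role grants bounded by time and data region, modelled on the three scenarios above. All names, dates, roles, and resource labels are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Grant:
    """A role assignment bounded in time and, optionally, by data region."""
    principal: str
    role: str
    resources: frozenset
    not_before: datetime
    not_after: Optional[datetime] = None  # None = standing assignment
    region: Optional[str] = None          # None = no regional limit

def is_allowed(grants, principal, resource, region, now):
    """Default deny: a grant must match person, resource, time and region.
    The device is deliberately not an input, so a stolen device carries no rights."""
    for g in grants:
        if g.principal != principal or resource not in g.resources:
            continue
        if now < g.not_before:
            continue  # grant not yet active
        if g.not_after is not None and now >= g.not_after:
            continue  # grant expired; no manual revocation needed
        if g.region is not None and g.region != region:
            continue  # data requested is outside the granted region
        return True
    return False

# Constructed sample data (hypothetical people, roles and resources).
T0 = datetime(2024, 3, 1, tzinfo=timezone.utc)
GRANTS = [
    Grant("alex", "project-member", frozenset({"project-repo"}),
          T0, T0 + timedelta(days=10)),            # 10-day project
    Grant("alex", "acting-manager", frozenset({"team-approvals"}),
          T0, T0 + timedelta(days=5)),             # filling in for the boss
    Grant("sam", "financial-analyst",
          frozenset({"sales-data", "fulfillment-data"}),
          T0, None, "upper-midwest"),              # region-scoped analyst
]

def demo():
    day = timedelta(days=1)
    return {
        "project_day_9": is_allowed(GRANTS, "alex", "project-repo", "any", T0 + 9 * day),
        "project_day_10": is_allowed(GRANTS, "alex", "project-repo", "any", T0 + 10 * day),
        "acting_after_cover": is_allowed(GRANTS, "alex", "team-approvals", "any", T0 + 6 * day),
        "analyst_midwest": is_allowed(GRANTS, "sam", "sales-data", "upper-midwest", T0 + 90 * day),
        "analyst_northeast": is_allowed(GRANTS, "sam", "sales-data", "northeast", T0 + 90 * day),
    }
```

Each grant expires on its own, so temporary project or cover access does not linger as standing privilege.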
