Identity and Access Management News-October 2018

The identity and access management (IAM) landscape is always changing, and staying on top of the latest news can help you protect yourself and your business from vulnerabilities. From major market expansion to the latest attack on Facebook, here’s what you should know about IAM this month.

$14.82 Billion IAM Market Share Predicted

By 2021, the global market share for IAM is expected to exceed $14.5 billion in U.S. dollars, representing a compound annual growth rate of 12 percent. This significant jump reflects growing security concerns as companies adopt more cloud-based applications and continue to invest in SaaS solutions. An increasing awareness of compliance requirements is also driving the market as regulations are updated.

Facebook Breach Blamed on Access Token Error

Facebook’s latest breach affected an estimated 30 million users, but it was neither complex nor sophisticated. Personal information, including check-ins, searches, contact information and profile details, was stolen from 14 million accounts, and contact information from an additional 15 million accounts was also compromised.

Hackers gained access to data through a simple flaw involving video previews. When users chose to view a birthday video using Facebook’s “View As” option before posting it to their profiles, right-clicking to obtain the source code for the page revealed an access token for the user from whose perspective they were previewing. Hackers were able to scrape access tokens for millions of users by exploiting this vulnerability,

Facebook says the problem was fixed as of September 27, but as with any breach, users should continue to exercise caution.

Malware Remains Most Popular Attack Method

According to research by Positive Technologies, the frequency of malware attacks dropped from 63 percent to 49 percent between Q1 and Q2 this year. However, attacks involving compromised credentials increased from seven to 19 percent.

Malware is still the most popular form of cyberattack and can be used to steal credentials for use in more sophisticated or extensive breaches. Targeted attacks executed for the purpose of extorting money from companies or stealing valuable data are still common, meaning you need to be diligent across departments in your company. A single phishing email, compromised file or infected employee device can provide an open door for hackers to undermine your IAM framework.

Federated Identities May Give Way to Consolidated Identities

The current trend in using federated identities may need a makeover to keep up with the complex security concerns and requirements of modern businesses. A federated identity allows a user to log into multiple services with one set of credentials, such as when you access a third-party website using your Facebook or Google account. A federated identity supplies a single key for cross-domain interactions and interactions between software platforms from different companies, allowing users to access a variety of services without the need for all providers of these services to use the same kind of authentication technology.

Consolidated identity is being proposed as the next wave of IAM within enterprises. Currently, employees using multiple tools to do their jobs likely have to log into each platform with a separate identity. Doing so creates a distraction, slows down workflows and makes it difficult to work efficiently. A consolidated identity combines access rules and authentication protocols to allow access across siloed services based on a user’s needs and security level. This aggregation of access rights can greatly improve time management and increase productivity.

Google Introduces New IAM Tools

Identity management and security is an increasing concern as the adaptation of cloud platforms becomes more widespread and companies are beginning to rely on a greater number of cloud-based applications for daily business tasks. Google recognizes the complex issues involved in enterprise IAM and has been working on new tools to improve cloud security.

“How do we rethink identity in a cloud-based world?” was the question posed by Karthik Lakshminarayanan, Google’s director of product management. The company is answering the question with:

  • Cloud Identity for Customers and Partners (CICP), a tool to add IAM to apps for better security
  • Secure LDAP to allow for seamless access to access both new and legacy applications
  • Cloud Identity-Aware Proxy (IAP) for context-aware access, making it possible to control data and application access based not only on credentials but also the context of a request
  • Location restrictions for the Google Cloud Platform to prevent the unauthorized creation of resources in specific offsite locations

Some tools are still in development, and others are being finalized to help make IAM easier for businesses working with sensitive data in the cloud.

Continue to monitor the latest IAM news and read new articles to stay on top of industry changes and get alerts regarding security concerns. New product and service releases and innovations from big players in the industry can transform your approach to IAM and ensure better security for the future. And, don’t forget to get certified.