As the definition of “identity” expands beyond human identity to include devices, animals, robots, and applications, we need to recognize why identity and access management is important and reassess our identity management practices. Additionally, increasing number of distributed cloud systems, BYOD, remote workforce, IoT, and data breach cases require smarter approach to identity and access management by leveraging new technologies in the areas of authentication, and artificial intelligence with machine learning to address system intrusions and data breach detection.
Many in the cybersecurity industry are recognizing the importance of identity and access management while risks continue to evolve worldwide as new threats, solutions and laws are introduced. Specifically, cyber crime, identity theft, fraud, and incidents of data breach are on the rise and global governments are scrambling to address privacy of consumers and manage risks through regulations.
Below is a list of reasons why identity and access management is important to the cybersecurity, data protection and privacy industries:
Definition of the Term “User”
As mentioned, the complexity of managing multitude of identities which need to be connected and have access to resources requires advanced IAM capabilities to validate access requests, grant the most appropriate access, and monitor activities to detect anomalies and prevent data breach. The term “user” referred to humans in the past but the definition of the term goes beyond humans to include robots, applications, and Internet of Things (IoT). One of the main objectives of IAM is to make sure authorized users have the appropriate access to the right resources at the right time as quickly as possible. This is why proper onboarding, access provisioning, and offboarding is so important to ensure continued and efficient security without hiccups.
Offboarding is a high risk area as managers do not have the same incentive to offboard contractors and temps as they do during their onboarding phase. Managing employees and their access may be more straight forward as they are often tied to the payroll system with integration to the central identity directory which has tighter controls than other systems, yet, if some systems are not integrated with the central identity directory, then removing a user from the directory will not trigger the removal of the user from all systems which is why offboarding is much more important.
Offboarding is a “silent” process according to Henry Bagdasarian which means no one complains when a user is not removed form the system until it is discovered during an audit or incident. However, onboarding is not a silent process as users and managers will complain for not having access to desired systems and data.
User Access Risks
Users who have system and data access are often targets of phishing attacks to steal their credentials. More specifically, privileged users who have elevated access are prime targets of cyber-criminals to access high value systems, data, and transactions such as invoicing, procurement, and payments. Stealing existing access is much more easier when targeting naive users than trying to hack into systems. This is because all of our high tech security investments can not prevent a data breach when an authorized user access is stolen and used consistent with the user’s usual activities to evade anomaly detection.
When applied properly, advanced identity and access management tools can help detect suspicious activities quickly whether they are committed by external or internal criminals. In fact, insiders who have highly privileged access pose the greatest risks as they may be disgruntled or have financial problems, therefore have the incentive and opportunity to commit a perfect crime. Highly technical users who have privileged access can also cover their tracks by modifying system logs.
Sometimes, users also make mistakes and errors which can also be mitigated with IAM tools and education. Identity and access risk awareness education is very important to prevent hackers from stealing user credentials.
Another reason why identity and access management is important in cyber security is because organizations must comply with increasing, complex and distributed regulations, and they must ensure and demonstrate an effective customer identification process, suspicious activity detection and reporting, and identity theft prevention. Identity and access management solutions can be leveraged to manage various regulatory requirements such as having a Customer Identification Program (CIP), Know Your Customer (KYC), monitoring for Suspicious Activity Reporting (SAR), and Red Flags Rule for identity fraud prevention.
Identity and Access Management is extremely complex and critical in managing security risks. Although technology is an important part of identity and access management which can be leveraged to support an organization’s cybersecurity objectives and strategy, effective IAM also requires processes and people for user onboarding and identity verification, granting and removing access, detecting suspicious activities, and keeping unauthorized users out of the systems. IAM can help organizations achieve operating efficiency and optimal security through state of the art technology and automation such as adaptive, multi-factor, and biometric authentication.
As companies become more aware of the urgent need for managing security risks through identity and access management, deploying systems, designing processes, and employing skilled staff also become apparent.