How to find the right identity and access management tools

 

The right identity and access management tools reduce your vulnerability

Major data breaches are a destructive reality, and the problem is growing. According to a Ponemon Institute study, 59% of companies said that they have experienced a data breach caused by one of their vendors or third parties. In the US, that percentage is even higher, at 61%, up 5% over last year’s study and up 12% since 2016.

Managing user access has changed drastically in the past decade or so. Identity and access management tools used to assume a one-to-one relationship between a user and a network access point or computer. But as cloud-based applications and networks (e.g., AWS, SaaS) become more the rule than the exception, these assumptions become outdated. Users may need access from anywhere, at any time, via any device. We expect identity and access management tools to be consistent and intuitive across platforms and applications. And that’s just for employee access.

It’s no wonder that Gartner listed privileged account management as the top security project for CISOs to focus on in 2019. As companies rely more and more on vendors and third parties to manage their CRM, back-office, and e-commerce infrastructure, it becomes more difficult to understand exactly who has access to sensitive company data. So, while depending on vendors increases efficiency, it also increases your vulnerability to threats.

Requirements for identity and access management tools

Identity and Access Management refers to the system of policies and solutions deployed to securely match users and applications with the appropriate access. Since the security environment and solutions infrastructure have been evolving, it’s a good idea to assess your company’s current IAM solution. You need to identify any gaps related to tools and processes for defining roles, access requirements for each type of role/user, and your audit requirements. Use this assessment to evaluate any new identity and access management solutions or enhancements for your current one.

Your solution should include tools that authenticate, audit, and control access by employees and third-party vendors. These three A’s are essential for maintaining the security of your business:

Authentication

Multi-factor authentication reduces the risks of single-factor methods and helps you comply with standards and regulations. Multi-factor authentication also requires each user to have unique credentials, eliminating the sharing of logins and passwords to better secure network access. Generally, these features revolve around knowing and managing users via your directory service. This includes tools that:

  • Manage individual identity and permissions by roles
  • Manage passwords and multi-factor authentication
  • Support complex remote support by vendors
  • Support single sign-on (SSO) across platforms and systems
  • Securely manage, rotate, and insert privileged credentials

Audit

High-definition auditing tools track activity including (but not limited to) files transferred, commands entered, and services accessed. You should look for tools that provide:

  • Detailed log files
  • Recordings of remote and desktop sharing sessions
  • Audit tracking for all individual users
  • Access monitoring

Access

Users should be restricted to certain commands and networks/subnetworks by least privilege, need to know, and collaboration requirements. Access tools should:

  • Control access across multiple operating systems and devices
  • Enable collaboration and chat among users
  • Integrate with CRM solutions
  • Provide granular, directory-based access controls and scheduling
  • Offer granular command filtering and canned script and command

Identity and access management tools mitigate data breach threats

Right now, every enterprise is vulnerable to costly and crippling data breaches. Identity and access management tools provide the foundation for mitigating threats from employees, customers, vendors, and other third parties. Changes in technologies and networks will bring even more threats in the future.