Identity Defined Security Alliance - Experts & Thought Leaders

Latest Identity Defined Security Alliance news & announcements

Identity Defined Security Alliance Partners With National Cybersecurity Alliance For Second Annual ‘Identity Management Day’

The Identity Defined Security Alliance (IDSA), a non-profit that provides free vendor-neutral education and resources to help organizations reduce the risk of a breach by combining identity and security strategies, announced the second annual ‘Identity Management Day.’ The awareness event takes place on the second Tuesday in April each year; this year Identity Management Day 2022 will be held on April 12.

Identity Management Day

According to the “2021 Trends in Securing Digital Identities” report from the IDSA, 79% of organizations have experienced an identity-related security breach. The mission of Identity Management Day is to educate business leaders, IT decision-makers, and the public on the importance of identity management and key components including governance, identity-centric security best practices, processes, and technology, with a special focus on the dangers of not properly securing identities and related access credentials. In addition, the National Cybersecurity Alliance (NCA) will guide consumers to ensure that their online identities are protected through security awareness and best practices.

Implementing identity management best practices

“Attacks over the past year on SolarWinds and Colonial Pipeline had massive repercussions, and yet neither was carried out via new techniques. Both were the result of inadequate identity management practices. The SolarWinds and Colonial Pipeline breaches should be a rallying cry for implementing basic identity management principles and evidence that an identity-related breach can happen to an organization of any size and have significant repercussions to critical infrastructure and supply chains,” said Julie Smith, executive director of the IDSA.

“The goal of Identity Management Day is to raise awareness, share best practices, and inspire individuals and organizations of all sizes to act, so that failure to implement basic identity management best practices doesn’t result in the next headline breach.”

How to get involved

Become an Identity Management Champion: Join the growing list of Identity Management Champions who make identity management and security foundational to their mission.
Nominate for an Identity Management Award: Submit individuals and organizations that are making identity management and security an enabler to business operations while reducing risk.
Share Best Practices: Contribute blog content on identity management and security. Send links for amplification on social media and potential inclusion on the Identity Management Day website.
Join the Identity Management Day Conversation on Social Media: Spread the word on social media using #IDMgmtDay2022 and #BeIdentitySmart and the social cards.
Explore Resources: Discover best practices for enterprises, SMBs, and consumers from across the industry on the Identity Management Day news and resources page.
Support the Next Generation of Identity Management Leaders: Donate to the “Identity Management Day Scholarship Program,” a scholarship fund to help provide financial support to high school students and career transitioners on their path to an identity smart cybersecurity career.
Join Us on Identity Management Day: Hear from identity and security practitioners, industry experts, and network with peers on best practices for addressing today’s challenges and the future of identity security. Register for updates on events happening on April 12.

Improving cyber identities

“Work from home and ‘bring your device’ policies have blurred the lines between our personal and professional lives. Poor cyber hygiene on a professional or personal account or device can leave your entire digital identity vulnerable.”

“Fortunately, there are a few simple steps everyone can take to vastly improve the security of their online identities. These include enabling multi-factor authentication wherever possible, using a password manager, and performing software updates. Taking even just one of these steps can help protect both your organization and family from cyberattacks,” said Lisa Plaggemier, Interim Executive Director of the National Cybersecurity Alliance.

Zero Trust security model

“Two years into pandemic-induced remote work, changing market dynamics, evolving customer needs, and modified operating models, digital transformation and cybersecurity have never been more paramount.”

“As business transformation continues to accelerate, managing risk and security in a work-from-anywhere world remains challenging for enterprises and SMBs alike. Today, identity has become the first line of defense and the first step to protecting organizations and adopting a modern Zero Trust security model,” said Ravi Erukulla, VP, Analyst Relations and Customer Advocacy at Saviynt and Chairman of Identity Management Day.

Insights & Opinions from thought leaders at Identity Defined Security Alliance

Modernizing Your Identity Governance For Today’s Security Challenges

These days, business is more collaborative, adaptable, and connected than ever before. In addition to offering new identities and access privileges, new applications and data also increase the attack surface available to cyber criminals, hacktivists, state actors, and disgruntled insiders. These new identities need to be handled carefully. CISOs must develop an identity management strategy that is consistent across on-premises, hybrid, and cloud systems. Good security is built on solid identity governance and administration (IGA) principles. From ransomware to supply chain intrusions, high-profile cybersecurity events frequently take advantage of weak identity and access management procedures. The Identity Defined Security Alliance found that 84% of organizations experienced an identity-related breach during its one-year study period.

Robust IGA system

Some of the most well-known cyber-attacks have not been made possible by a nation-state exploiting a remote zero-day vulnerability; rather, they have been made possible by something as basic as a hacked orphaned account. This resulted in lateral movement from an insecure platform to a high-value system, illegitimate privilege escalation, or unsanctioned access to a computer system. To safeguard against such attacks, organizations must be aware of who has access to their systems and apps, and guarantee that access is revoked when it is no longer required. Here, a robust IGA system is helpful. It is not the whole picture, though; IGA is part of a larger identity fabric. A report by KuppingerCole noted that “Identity Fabrics are not necessarily based on a technology, tool or cloud service, but a paradigm for architecting IAM within enterprises.” The report pointed out that the paradigm is created using several tools and services. That’s because, contrary to marketing claims, no one vendor has a platform that provides all the needed elements. Consequently, organizations need to find best-of-breed solutions for each section of the fabric.

Threats to the new corporate landscape

Due to their exclusion from the corporate firewall and the security culture that comes with working on-site, remote employees and third parties are desirable targets for hackers. The transition to online office suites is another vulnerability that hackers are taking advantage of, for instance, through bogus authentication login dialogs. Additionally, hackers are using technologies like machine learning and artificial intelligence to circumvent current security tactics. A cyberattack powered by AI will imitate human behavior and develop over time. Even publicly available information might be used by this "weaponized AI" to learn how to get past a target’s defenses.

CISO and the business users

It's no longer possible to secure the traditional perimeter. Attackers will eventually find an entryway, but businesses can protect the new perimeter: their identities. To defeat these threats, organizations must look again at identity and access management tools and how they are weighed against the impact on the organization. Should you mandate multi-factor authentication (MFA) more often and earlier? Should only company-owned devices have access to networks, or should access be restricted to specific business hours or regions? Should access to sensitive information and critical systems be given just temporarily or should it be offered on a task-by-task basis? Both the CISO and the business users they assist should be asking these questions.

Staying ahead of threats with identity

Access control limits decrease dangers but can come with a cost. If you give your users too much access, your organization becomes susceptible; if you give them too little, productivity suffers. But there are ways to strike a balance with security, compliance and productivity. More CISOs are turning to Zero Trust, which is based on the principle of maintaining strict access controls and not trusting anyone by default, to protect their systems from new attack types. However, Zero Trust is reliant upon having a thorough and baked-in strategy that underpins it. Other actions that companies can take include implementing automation for identity management, such as automating workflows for approval. This would significantly lessen the administrative burden and friction that security solutions like multifactor authentication (MFA) or time-restricted access to critical systems have on business users. This might include restricting access to particular devices, capping access hours during the day or enforcing MFA based on user behavior.

Identity fabric: Putting it all together

These are just two elements of the identity fabric approach. Most organizations today have implemented pieces of an identity fabric, which is basically an organization’s identity and access management (IAM) infrastructure and typically includes a mix of modular IAM solutions for multi-cloud and/or hybrid environments. Now, organizations need to define, enhance and develop this infrastructure. They must also institute guiding principles for how it should operate and how it should meet current and future business requirements as well as identity-related cybersecurity challenges. In doing so, businesses can move past identity platforms and adopt an identity fabric perspective. The key is to make identity governance the starting point of your identity fabric strategy, ensuring seamless interoperability within your identity ecosystem. Make sure your identity architecture is scalable, secure, and provides a seamless user experience.

Aligning security with business

Due to the increase in knowledge workers using the cloud and working remotely, attackers are focusing on this group. These employees are easier to compromise, give access to valuable data and offer more attack targets. Knowledge workers also lack an administrator’s level of security expertise. Therefore, as part of their security fabric strategy, enterprises require a scalable IGA system. When organizations invest in IGA, a crucial tenet of identity security, it is easier to comply with security and access regulations, and IT teams spend less time on normal administrative activities. CISOs and boards, though, are currently looking at more than identity management. IGA is at the center of the debate about security and governance. Taking an identity fabric-based approach, with a foundation built on modern, cloud-based IGA, will safeguard identities, increase productivity, and make staff adherence to organizational procedures easier.