When you stop to think about how 81% of all breaches stem from “compromised credentials,” aka identity breaches, an obvious target for progress within security emerges. With a percentage that alarmingly high, the industry should take note and turn the focus towards addressing the issue. This blog post will detail some simple identity security techniques that can be incredibly valuable when employed.
The Puzzle Around Identity Security
As you probably know, the IT landscape has gone through dramatic changes over the last two decades. It used to be that the entire network was on-prem and Windows®-based, and early on, this monopoly made it quite a bit easier to keep the network secure. Just make sure only the authorized people can get into the network and that your internal employees are all behaving reasonably well, and you’re pretty much set, right? Obviously, identity security and identities in general weren’t nearly as critical for the security puzzle as they are today.
Back then, almost everything was Microsoft®-based. IT organizations would just leverage Microsoft Active Directory® (AD) to be their identity provider and use AD to connect users to the IT resources they needed. Today, however, end users connect to a wide range of IT resources: AWS cloud servers, G Suite™ or Office 365™ for productivity platforms, Mac® or Linux® laptops, Slack, GitHub, Atlassian® web-based applications, and WiFi all around the world. As IT admins, how do you protect your users’ identity in all of these places when you don’t actually control them?
Fill the Missing Pieces with Simple Solutions
Well, the good news is there are a number of powerful yet simple identity security approaches you can implement. The first approach is to spark some behavioral change with your end users regarding their password habits. End users should make unique passwords that are as long as possible for each site they register to. Ideally, you should also add multi-factor authentication (MFA or 2FA) to each account as reinforcement. These two basic practices will help your end users dramatically step up their identity security. You’re (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by George Lattimore. Read the original post at: https://jumpcloud.com/blog/simple-identity-security/