With the wedding of Harry and Meghan behind us, the media is engaging viewers with other world events and we are back to our day to day lives. While security professionals are busy preventing enterprise identity theft vulnerabilities and cyber criminals are on the lookout for their next credential heist, the rest have put Buckingham Palace on the back burner. What is the connection?
Take a moment to think about the logistics surrounding the wedding on May 19, 2018: thousands of reporters were present, and yet many details were not announced until days before the wedding, or even the day itself, with particular secrecy around Meghan’s dress, its manufacturer and its designer.
It turns out that the dress was designed by Givenchy, a brand that Duchess Markle had been a fan of for many years. Apparently, part of the secret of keeping the dress a surprise involved two small teams who signed nondisclosure agreements and then undertook their activities at private workspaces in Paris and in London. Miraculously, the secret dress stayed under wraps until the actual day of the wedding.
Web access management for secure collaboration?
Were the email messages sent and received by the designers and garment workers encrypted? Which employees of Givenchy had access to which applications and which credentials did they need to access the designs? Were the nondisclosure agreements signed physically or digitally; were they authenticated and stored over the internet? Which Royal Family staff and Givenchy personnel had access to the mockups and revisions?
Hard to confine digital data
While the inner workings of the Givenchy and Royal Family networks will remain privileged, it seems that part of the reason the secret held was that the work was confined to physically secured locations. However, this is not always possible when working on designs of a global nature. Industries today no longer work in physical isolation. Their work environment has become increasingly complex due to the globalization of markets, the distance between industrial partners and suppliers, and co-design methodologies involving remote workers.
Cloud-based collaboration requires identity and access management
What’s more, the fashion industry and other global enterprises often collaborate on Computer Aided Design (CAD) software alongside cloud-based applications, such as Box, Dropbox, Adobe Creative Suite and Office 365. These are just some of the applications that can help organizations transfer large files, exchange email and even work simultaneously on the same online platform. In addition, enterprises require reports that provide visibility into login attempts into their ecosystem. An identity and access management solution as a service (IDaaS) can help fashion enterprises or governmental institutions ensure that only the right person receives the right information at the right time, without endangering the enterprise or its end customers.
Access Management Fashionable
The following are tips for a fashion company seeking to establish an access management strategy to suit working within and across diverse locations with multiple providers, suppliers and privileged staff:
Tidy up your groups
Make sure that your user groups are neatly defined in your Active Directory or other user store. This will make it easy to set up group-based policies. For example, designers should be associated with the designers group, and likewise for your Marketing, Finance, Sales, etc.
Establish a single sign-on baseline, aka a global policy
Depending on your security concerns, you may want to have a high or low security threshold for launching a single sign-on session. You may want to deny all access by default, or alternatively, grant access on the condition that users launch an SSO session after performing strong multi-factor authentication.
Determine which scenarios or resources require extra security
Not all apps require the same level of security. By listing the resources or conditions that require special care, you can match risk policies to user needs, without sacrificing the convenience of single sign-on. For example, you may want to step up security—after launching a single sign-on session—for applications that store new haute-couture designs. Or, you may want to ensure that anyone accessing applications from outside the office does so providing an additional form of authentication (e.g. one-time passcode, PKI smart card etc.).
Set up policies to demonstrate regulatory compliance
Need to ensure GDPR compliance? Or perhaps PCI DSS? By setting up a policy dedicated to that regulatory mandate, you will be able to easily meet compliance audits. A GDPR policy, for example, could include all the apps that store EU citizen data, the user groups that should have access to that information, and the user access controls you want to enforce. For example, you could require only a password within the office, while enforcing multi-factor security for anyone working remotely or anyone working as a temporary contractor.
Keep scalability in mind
Looking to add an additional app to your fashion arsenal? Keep in mind that protocols such as SAML and OpenID Connect will help you provide that convenient user single sign-on experience. If your prospective solution supports those standards, that will be one less obstacle to productivity and chic.
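The layered policies described in the tips above (group membership, a global baseline, step-up for sensitive apps, and a compliance policy that depends on location and contractor status) can be sketched as a small evaluator. This is an added example, not SafeNet Trusted Access configuration or code from the original post; the group names, app names and the "otp" factor label are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    groups: frozenset     # groups from the user store (e.g. Active Directory)
    app: str
    in_office: bool
    contractor: bool
    factors: frozenset    # factors already presented in this SSO session

MFA = frozenset({"password", "otp"})

def gdpr_factors(r):
    # Password alone only for in-office, non-contractor staff; otherwise MFA.
    ok = r.in_office and not r.contractor
    return frozenset({"password"}) if ok else MFA

# Constructed sample policies; the first policy that covers the app decides.
POLICIES = [
    {"name": "haute-couture", "apps": {"design-vault"},
     "groups": {"designers"}, "factors": lambda r: MFA},
    {"name": "gdpr", "apps": {"crm", "payroll"},
     "groups": {"sales", "finance"}, "factors": gdpr_factors},
]
KNOWN_APPS = {"design-vault", "crm", "payroll", "mail"}  # hypothetical catalogue

def evaluate(r):
    """Return (decision, policy_name, missing_factors)."""
    for p in POLICIES:
        if r.app in p["apps"]:
            if not r.groups & p["groups"]:
                return ("deny", p["name"], frozenset())
            missing = p["factors"](r) - r.factors
            return ("step_up" if missing else "allow", p["name"], missing)
    # Global baseline: unknown apps are denied, known apps need an MFA session.
    if r.app not in KNOWN_APPS:
        return ("deny", "global", frozenset())
    missing = MFA - r.factors
    return ("step_up" if missing else "allow", "global", missing)

if __name__ == "__main__":
    pw = frozenset({"password"})
    remote = Request(frozenset({"finance"}), "crm", False, False, pw)
    print(evaluate(remote))    # remote finance user is asked for a second factor
    outsider = Request(frozenset({"sales"}), "design-vault", True, False, MFA)
    print(evaluate(outsider))  # wrong group is denied even with MFA
```

Ordering matters: the scenario and compliance policies are checked before the global baseline, so a sensitive app never falls through to a weaker rule.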
From outsourced workers to the most restricted and privileged personnel, the fashion industry can be assured that the seams of their cloud-based applications are as secure as their physical hems.
Ready to design secure, yet convenient access management for your enterprise? Start with your first stitches by downloading the Matching Risk Policies to User Needs Fact Sheet or registering for free to watch our demo of SafeNet Trusted Access.
*** This is a Security Bloggers Network syndicated blog from Enterprise Security – Gemalto blog authored by Ronni Kives. Read the original post at: https://blog.gemalto.com/security/2018/06/19/when-prince-harry-met-access-management/