GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current environment

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management (IAM) and cyber security risks in 2022?

Here are a few important issues that relate to the changes in today’s working environment.

Reduce manual processes. Automation can help get rid of manual processes. Every company has a certain employee turnover, and how they handle it can directly affect their bottom line. Ideally, new employees should be onboarded quickly, so that they can start working productively right away. Similarly, movers should be seamlessly enabled to work for their new department, and authorizations related to former job functions need to be removed immediately.

So far, companies still have lots of manual processes when it comes to provisioning: Often, admins will create accounts and enter data manually into CRM and HR applications – an error-prone and slow process without any capabilities for proper compliance and audit reporting.

Automating these processes with the help of Identity Governance and Administration (IGA) tools should be a top priority for your IT department. For maximum effect, combine the automation of joiner, mover, and leaver processes with regular re-certification checks (e.g. recurring re-confirmations of initially assigned rights and roles in all connected systems by the employees’ manager) to reduce the risk of abuse and accidents.

Automation will also help you manage compliance, increase workforce productivity, and protect valuable assets from insiders – so placing it at the top of your agenda will really pay dividends.
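To make the joiner, mover and leaver checks concrete, here is an added example (not from the essay or from any IGA product) that reconciles an HR roster against an entitlement export and flags what an automated process would act on. The data, the role model and the 180-day re-certification interval are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data (assumption): HR export, role model, entitlement export.
HR = {
    "alice": {"dept": "sales", "active": True},
    "bob": {"dept": "finance", "active": True},    # moved from sales
    "carol": {"dept": "it", "active": False},      # left the company
    "erin": {"dept": "sales", "active": True},     # new joiner, nothing provisioned
}
ROLE_MODEL = {"sales": {"crm:user"}, "finance": {"erp:ledger"}, "it": {"ad:admin"}}
ENTITLEMENTS = [  # (user, entitlement, date last confirmed by the manager)
    ("alice", "crm:user", date(2022, 1, 10)),
    ("bob", "crm:user", date(2022, 1, 10)),
    ("bob", "erp:ledger", date(2021, 3, 1)),
    ("carol", "ad:admin", date(2022, 2, 1)),
    ("dave", "crm:user", date(2022, 2, 1)),
]

def review(hr, role_model, entitlements, today, max_age_days=180):
    """Classify each granted right: orphan, leaver, mover leftover, or overdue."""
    findings = []
    for user, ent, certified in entitlements:
        person = hr.get(user)
        if person is None:
            findings.append((user, ent, "orphan: no HR record"))
        elif not person["active"]:
            findings.append((user, ent, "leaver: revoke"))
        elif ent not in role_model.get(person["dept"], set()):
            findings.append((user, ent, "mover: outside current role"))
        elif today - certified > timedelta(days=max_age_days):
            findings.append((user, ent, "recertify: overdue"))
    return findings

def missing_for_joiners(hr, role_model, entitlements):
    """Rights the role model expects for active staff but that are not granted."""
    held = {(u, e) for u, e, _ in entitlements}
    return sorted((u, e) for u, p in hr.items() if p["active"]
                  for e in role_model.get(p["dept"], set()) if (u, e) not in held)

if __name__ == "__main__":
    for finding in review(HR, ROLE_MODEL, ENTITLEMENTS, date(2022, 4, 1)):
        print(*finding, sep="\t")
    print("to provision:", missing_for_joiners(HR, ROLE_MODEL, ENTITLEMENTS))
```

The same output doubles as the audit record that manual provisioning cannot produce: each finding names the account, the right and the reason for action.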

Embrace zero trust. Zero Trust strategies are gaining a ton of momentum: Traditional perimeter-based security models offer no adequate protection in today’s hybrid working environments, and increasingly strict regulations force companies to look for alternative security models.

CIOs and CISOs looking to implement a modern approach should combine the Zero Trust strategy with a strong, hybrid IAM solution to sustainably limit access and protect their data and resources. This will allow them to control rights and roles on a granular level.

This can also help to ensure that each user can only access the resources they are entitled to. Password-less or Multi-Factor Authentication and strong authorization prevent attackers from gaining access to corporate resources and moving laterally within a network.

Adopt a defensive mindset. A major misconception among SMBs is that they are just not important enough to be a valuable target for attackers. Nothing could be further from the truth. No company is too small to be a target.

Right now, small and medium businesses are among the most targeted companies, and they need to do everything in their power to improve their security posture – including implementing modern password-less techniques and zero trust-friendly measures.

Multi-Factor Authentication (MFA) can tremendously increase their access security and prevent phishing and social engineering attacks. In combination with risk-based access management, it will help SMBs to identify suspicious access attempts to systems and allow them to either deny access or to include an extra layer of security when deviations from usual usage scenarios are detected.

Secure critical infrastructures. A common denominator in many attacks is lateral movement within the network. This refers to attackers escalating their access rights until they gain access to the most critical digital assets.

To defend against this tactic, implement Privileged Access Management (PAM), which ensures that rights are granted according to the principle of least privilege. By granting each user only the minimal rights they need to perform their tasks, you can significantly limit the damage an attacker can cause.

Seamless PAM can help organizations secure their infrastructure and applications, efficiently maintain business operations, and preserve the confidentiality of sensitive data and critical infrastructure by adding an extra protection layer for administrator accounts or access to critical functions and systems.

Define an IAM strategy. As for your next steps, I would recommend walking through this list step-by-step. If you are unsure about your organization’s Identity and Access Management (IAM) capabilities, a dedicated IAM assessment will indicate the maturity of your current IT landscape and provide recommendations for the next actions.

Even before an assessment starts, you should define your targeted maturity level – organizations often have unique needs based on their type of business and risk exposure. The second step will be to determine the current state and perform a gap analysis, followed by step three: identifying concrete, actionable recommendations. You should end this exercise with the definition of a roadmap that outlines a clear path for implementing the individual measures in a reasonable order.

About the essayist: Dr. Heiko Klarl is Chief Marketing and Sales Officer, iC Consult Group, a Munich, Germany-based supplier of IAM solutions.

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-5-steps-all-smbs-should-take-to-minimize-iam-exposures-in-the-current-enviroment/