Managing the identity ecosystem for enterprises has become increasingly complex over the last two years. From the increase in cybercrime spurred on by the COVID-19 pandemic to the surge in remote work—that is not going anywhere anytime soon—enterprise security teams are having to juggle an unprecedented number of challenges and priorities when it comes to identity access management (IAM).
IAM has long been overlooked in terms of cybersecurity management, often because organizations have viewed it as falling under the purview of HR or the IT help desk. However, considering 61% of all data breaches involve credential compromises—be it via theft or brute force attacks—more and more organizations are beginning to view IAM as a core component of their cybersecurity health. Furthermore, with the cost of the average cybersecurity breach approaching $6 million, enterprises can ill afford not just the reputational toll of a cybersecurity incident, but the financial consequences as well.
Best Practices for IAM
With that in mind, looking ahead to the second half of 2022, below are several best practices for identity and access management that enterprise companies need to keep in mind as cybersecurity challenges continue to crop up.
Clarify Ownership of All Identities
Make sure to clearly define the individual or entity responsible for the creation, removal, ongoing maintenance and security of IAM within your organization. Identity should include four categories: Employees, contingent workers (contractors or third-party identities) machine identities (bots, RPA, application to application accounts, built-in IaaS accounts) and customers.
Establish Unique Identifiers
Ensure the uniqueness of every human and non-human identity in your directory. Identifiers should be established and used regardless of the relationship to the organization; for example, a contractor who converts to an employee or a boomerang employee should maintain the same identifier when they return to the organization.
Authoritative Source of Trusted Identity Data
Authoritative sources for identities provide essential data to make informed decisions regarding user access, including what access to provision and when to enable/disable that access.
Discovery of Critical and Non-critical Assets and Identity Sources
In a digitally driven business world, today’s infrastructure, applications, directories and networks are spread across on-premises and in the cloud environments with mobile and virtual elements. The first step in securing an organization’s assets is to know what they are and where they are located.
Privileged Access Management
To secure access to critical assets, implement a privileged access management (PAM) solution that allows for higher assurance during an authentication event based on the current access profile of a user, the sensitivity of the resource/data and the elevated permissions being requested. Provide additional protection by applying multifactor authentication (MFA) to privileged access and continuously discovering privileged access.
Granting and revoking access to resources and data is fundamental to business operations and enterprise security. Automate the provisioning and de-provisioning of access through life cycle events (joining, moving, leaving) and ensure they are tied to an authoritative source.
Focus on Identity-Centered Security Outcomes
Identify security outcomes that protect the digital identities—both human and non-human—and secure their access to enterprise data and resources. Combine identity and access management capabilities such as authentication, authorization, identity governance and administration with security capabilities, such as user behavior and device profiling to make informed access decisions. Consider related technology domains; for example, zero-trust network security, data access governance and endpoint protection, which all have a nexus back to identity security.
Establish IAM Governance Processes and Programs
Identify a cross-functional team that oversees the establishment and adherence to all IAM processes and policies and provides a vehicle to introduce improvements, as well as to determine the overall impact prior to making any IAM program changes.
As the cybersecurity industry continues to speed up, IAM will only become more important for enterprises. However, by keeping these few best practices in mind, enterprise companies can take huge strides in bolstering both their IAM and entire cybersecurity operations.
Lisa Plaggemier, Executive Director, National Cybersecurity Alliance, contributed to this article.