IAM Enterprise Temperature Check

Managing the identity ecosystem for enterprises has become increasingly complex over the last two years. From the increase in cybercrime spurred on by the COVID-19 pandemic to the surge in remote work, which is not going anywhere anytime soon, enterprise security teams are having to juggle an unprecedented number of challenges and priorities when it comes to identity and access management (IAM).

IAM has long been overlooked in terms of cybersecurity management, often because organizations have viewed it as falling under the purview of HR or the IT help desk. However, considering 61% of all data breaches involve credential compromises—be it via theft or brute force attacks—more and more organizations are beginning to view IAM as a core component of their cybersecurity health. Furthermore, with the cost of the average cybersecurity breach approaching $6 million, enterprises can ill afford not just the reputational toll of a cybersecurity incident, but the financial consequences as well.

Best Practices for IAM

With that in mind, looking ahead to the second half of 2022, below are several best practices for identity and access management that enterprise companies need to keep in mind as cybersecurity challenges continue to crop up.

Clarify Ownership of All Identities

Make sure to clearly define the individual or entity responsible for the creation, removal, ongoing maintenance and security of IAM within your organization. Identity should include four categories: employees, contingent workers (contractors or third-party identities), machine identities (bots, RPA, application-to-application accounts, built-in IaaS accounts) and customers.

Establish Unique Identifiers

Ensure the uniqueness of every human and non-human identity in your directory. Identifiers should be established and used regardless of the relationship to the organization; for example, a contractor who converts to an employee or a boomerang employee should maintain the same identifier when they return to the organization.

Authoritative Source of Trusted Identity Data

Authoritative sources for identities provide essential data to make informed decisions regarding user access, including what access to provision and when to enable/disable that access.

Discovery of Critical and Non-critical Assets and Identity Sources

In a digitally driven business world, today’s infrastructure, applications, directories and networks are spread across on-premises and cloud environments, with mobile and virtual elements. The first step in securing an organization’s assets is to know what they are and where they are located.

Privileged Access Management

To secure access to critical assets, implement a privileged access management (PAM) solution that allows for higher assurance during an authentication event based on the current access profile of a user, the sensitivity of the resource/data and the elevated permissions being requested. Provide additional protection by applying multifactor authentication (MFA) to privileged access and continuously discovering privileged access.

Automate Provisioning/Deprovisioning

Granting and revoking access to resources and data is fundamental to business operations and enterprise security. Automate the provisioning and de-provisioning of access through life cycle events (joining, moving, leaving) and ensure they are tied to an authoritative source.
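
As an added illustration (not part of the original article), the sketch below plans joiner, mover and leaver changes by reconciling a directory against an authoritative HR feed keyed on a persistent identifier. The record fields, role mapping, action names and sample data are constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical role-to-entitlement policy; a real one comes from your governance process.
ROLE_ENTITLEMENTS = {"engineer": {"vpn", "git"}, "finance": {"vpn", "erp"},
                     "contractor": {"vpn"}}

@dataclass(frozen=True)
class HrRecord:
    identity_id: str  # persistent identifier, reused on conversion or rehire
    status: str       # "active" or "terminated"
    role: str

def plan_changes(hr_records, directory):
    """Return (action, identity_id, entitlements) tuples for the directory."""
    actions, seen = [], set()
    for rec in hr_records:
        if rec.identity_id in seen:  # identifiers must be unique
            raise ValueError(f"duplicate identifier: {rec.identity_id}")
        seen.add(rec.identity_id)
        acct = directory.get(rec.identity_id)
        if rec.status != "active":  # leaver
            if acct and acct["enabled"]:
                actions.append(("disable", rec.identity_id, ()))
            continue
        wanted = ROLE_ENTITLEMENTS.get(rec.role, set())  # unknown role: no access
        if acct is None:  # joiner
            actions.append(("create", rec.identity_id, tuple(sorted(wanted))))
            continue
        if not acct["enabled"]:  # returning identity keeps the same identifier
            actions.append(("enable", rec.identity_id, ()))
        have = acct["entitlements"]
        if wanted - have:  # mover gains access for the new role
            actions.append(("grant", rec.identity_id, tuple(sorted(wanted - have))))
        if have - wanted:  # mover loses access from the old role
            actions.append(("revoke", rec.identity_id, tuple(sorted(have - wanted))))
    for identity_id, acct in directory.items():  # account with no HR record
        if identity_id not in seen and acct["enabled"]:
            actions.append(("disable_orphan", identity_id, ()))
    return actions

# Constructed sample data: HR feed and current directory state.
HR = [HrRecord("E1001", "active", "engineer"), HrRecord("E1002", "active", "finance"),
      HrRecord("E1003", "terminated", "engineer"), HrRecord("E1004", "active", "engineer"),
      HrRecord("E1005", "active", "contractor")]
DIRECTORY = {
    "E1001": {"enabled": True, "entitlements": {"vpn", "git"}},
    "E1002": {"enabled": True, "entitlements": {"vpn", "git"}},
    "E1003": {"enabled": True, "entitlements": {"vpn", "git"}},
    "E1004": {"enabled": False, "entitlements": {"vpn"}},
    "E0999": {"enabled": True, "entitlements": {"erp"}},
}

if __name__ == "__main__":
    for action in plan_changes(HR, DIRECTORY):
        print(action)
```

Because every decision starts from the HR record, an enabled account that the feed does not know about (E0999 in the sample) surfaces as an orphan instead of silently keeping its access.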

Focus on Identity-Centered Security Outcomes

Identify security outcomes that protect the digital identities—both human and non-human—and secure their access to enterprise data and resources. Combine identity and access management capabilities such as authentication, authorization, identity governance and administration with security capabilities, such as user behavior and device profiling to make informed access decisions. Consider related technology domains; for example, zero-trust network security, data access governance and endpoint protection, which all have a nexus back to identity security.

Establish IAM Governance Processes and Programs

Identify a cross-functional team that oversees the establishment of, and adherence to, all IAM processes and policies and provides a vehicle to introduce improvements, as well as to determine the overall impact prior to making any IAM program changes.

Conclusion

As the cybersecurity industry continues to speed up, IAM will only become more important for enterprises. However, by keeping these few best practices in mind, enterprise companies can take huge strides in bolstering both their IAM and entire cybersecurity operations.


Lisa Plaggemier, Executive Director, National Cybersecurity Alliance, contributed to this article.

Julie Smith

Julie Smith is the Executive Director of the Identity Defined Security Alliance, responsible for executing the mission of the IDSA on behalf of the membership and the identity and security community. Throughout her career she has held various leadership roles in technology and solutions companies, including product management, product and solutions marketing and business development. Prior to joining the IDSA, Julie spent 12 years in the identity and security industry with leading vendors and solution providers.