Identity security starts with authentication: proving you are who you claim to be is the first step in enforcing organizational security—but it’s far from the last one.
Think of a bar, where authentication is checking IDs at the door and deciding which patrons are allowed to enter. If that were the end of the bar’s security, then once I was allowed inside I could flip over a table, rob the register and go on my merry way.
Suffice it to say, I can’t do that: there are enough controls within the bar, after authentication, to prevent me from becoming too much of a nuisance.
But for too many organizations, post-authentication security is a major blind spot. Why? Because many organizations don’t have an initial understanding of who should have access to what, when, where and why.
That understanding can be a major asset in moving toward zero trust and preventing lateral movement within a network. In other words, it can help security teams identify breaches and minimize their impact much faster.
Having that understanding baked into an organization’s security posture is becoming increasingly important as businesses everywhere adapt to hybrid work models. The pandemic nearly tripled remote work, leading to a significant spike in access requests.
Businesses must understand what resources employees need to do their work in order for them to stay productive. But they also need to balance workers’ productivity and default entitlements with security, de-provisioning accounts as soon as they go offline: hackers breached Colonial Pipeline’s networks using a virtual private network account that was no longer in active use. Smart identity governance might have known that that VPN account shouldn’t be able to access the company’s network, and in fact might have deleted it automatically.
Ensure the right people have the right access
On Thursday, July 22 at 1 PM Eastern, we’ll discuss how businesses can start developing identity governance and administration (IGA) programs that provide the post-authentication security that today’s businesses need to maintain productivity while still ensuring security.
We’ll hear from Hector Monsegur, Corporate Pen-Tester and Expert Security Researcher, Alacrinet, and Christopher Williams, Solutions Architect & Field CTO, SecurID, on how new tools can provide businesses with the ability to automate access decisions, reveal anomalies and control the identity plane.
Specifically, we’ll discuss:
- What happens when a pen-tester can gain access and move laterally within a corporate network, and how IGA can limit that kind of movement.
- Whether ‘user-centric’ identity is still a possibility and how it aligns with IGA.
- Convenient ways to set role-based access control to authenticate users, roles, systems, applications, and data.
That’s just a start—if there’s something that you want us to discuss, send your questions to @SecurID_IAM and make sure to register for the webinar to ensure that the right people have the right access.