Building a mature IAM environment

A cursory review of consumer or business media is all that's needed to uncover countless stories of enterprises being breached. It doesn't matter how large or small the company is; if it's connected to the internet, there's a good chance that someone is trying to pick the proverbial lock that keeps bad actors out of the corporate network.

In a January 2017 study commissioned by Centrify and conducted by Forrester Consulting, 66 percent of organizations reported having fallen victim to a data breach an average of five or more times within the past two years. Hackers compromised more than one billion identities in 2016 alone. Clearly, traditional security measures are failing to safeguard against the majority of breaches. In order to avoid financial and reputational ruin, organizations must rethink their approaches to security.

The study found that organizations that closely scrutinize and secure both regular and privileged access are more likely to have never been breached than those which adopt fewer identity and access management (IAM) best practices. The report concludes that there are 15 best practices for assessing the maturity of your IAM environment. They include:

1. Enforce context-aware multi-factor authentication (MFA)
2. Consolidate identity stores into a single directory
3. Implement single sign-on
4. Conduct periodic access review for administrative and privileged users
5. Limit access for remote administrators, contractors, and outsourced parties to just the apps and systems they immediately require
6. Govern access through time-bound and temporary privileged access
7. Automate role-based provisioning to apps and infrastructure
8. Automate mobile application provisioning and deprovisioning
9. Automatically deprovision privileged users' access as they terminate
10. Implement least-privilege access for administrators
11. Centrally control access to shared and service accounts
12. Eliminate the use of shared administrative accounts
13. Manage privilege elevation at the granular command or app level
14. Actively monitor privileged sessions and/or commands
15. Record all privileged sessions and/or commands

Businesses with the lowest IAM maturity experienced more than twice the number of breaches as those with the highest IAM maturity (12.5 versus 5.7). Organizations can improve IAM maturity by moving toward centralized identity and access controls.

At the second level of IAM maturity, 27 percent of these businesses use centrally controlled access to shared and service accounts. Some 23 percent actively monitor privileged sessions and/or commands. At this level, companies can improve their security by implementing MFA across the network.

Some 45 percent of level three organizations experienced improved time-to-market for new products and services versus only 21 percent of those in level one. More than half – 53 percent – of these organizations record all privileged sessions and/or commands.

Level four companies had half the number of breaches and $5 million in cost savings compared to level one firms, according to the study. Some 69 percent of these businesses have centrally controlled access to shared and service accounts, while 57 percent enforce context-aware MFA.

The numbers speak volumes: mature IAM organizations see 50% fewer breaches, save $5M and spend 40% less on technology than their less mature counterparts.

When it's all added up, it becomes clear that organizations need to completely rethink their security approach, and in today's world of access they must increase their Identity and Access Management (IAM) maturity to more effectively reduce the likelihood of a data breach.

By Chris Webber, security strategist and director of product marketing, Centrify
