Securing the borderless enterprise: The role of IAM

Securing corporate resources and sensitive data has never been an easy task, but in the past, there was a clear and defined perimeter around important information, allowing IT teams to laser focus their security budgets and efforts. Today, this perimeter is virtually non-existent. 

Cloud, mobile and software as a service (SaaS) platforms have become the new normal, and paired with the explosion in digital identities, these forces have made the traditional perimeter all but disappear. As a result, traditional approaches to identity and access management (IAM) have quickly become obsolete. Not only are they rapidly falling behind in protecting the enterprise against fraudulent log-ins, but they also cannot properly scale to accommodate the fast-growing numbers of users accessing networks via cloud services and mobile platforms.

A different type of defense must be implemented to adapt to this new normal and secure a borderless enterprise from an ever-changing threat landscape. More specifically, IT departments today need a system of identity and access management that is more dynamic, agile, intelligent and risk-aware: in short, adaptive IAM.

Whereas traditional IAM approaches guarded stationary perimeters around data largely in one, centralized location, adaptive IAM creates a dynamic “situational perimeter” that patrols and safeguards against attacks at every point at which users interact with data and resources – not only across various devices and platforms, but throughout the entire process of interaction.

Today's advanced threats and multi-vector attacks can strike at any moment during the user experience, and many of today's IAM solutions are too primitive to spot suspicious behavior. IAM systems today assume that users providing correct credentials at first log-in can be trusted, but the fact is that establishing trust cannot just be a one-time thing. It must be checked and re-checked with each interaction between user and protected resource, and these constant checks must generate user intelligence that helps to constantly readjust and improve security levels at every next interaction.

So how do we achieve this new level of responsive, adaptive, intelligent security? The concept rests on four basic principles:

  1. Rich user profiles should be used to compare real-time user activities and behaviors against a historical baseline, with significant deviations from “normal” behavior signaling security problems.
  2. Big Data analytics must be applied to massive data sets in order to assess risks and distinguish “good” behavior from bad.
  3. Monitoring and risk-based intervention should be implemented to keep track of what users do after initial authentication, and adjust access controls to measured risk levels. Users must be interrupted with additional authentication requirements when unsafe activities are detected.
  4. Consumer-level convenience must always be top of mind, meaning identity controls and risk assessments must occur behind the scenes, intruding upon corporate end-users only when necessary.
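The four principles can be read as one decision loop. The sketch below is an added example, not code from the article or from any IAM product: each request is scored against the user's historical baseline, and the user is interrupted only when the score crosses a threshold. The attribute names, weights, thresholds and sample events are all assumptions constructed for illustration.

```python
from collections import Counter

# Assumed weights and thresholds; a real deployment would tune these from data.
WEIGHTS = {"device": 0.35, "country": 0.30, "resource": 0.25, "hour_block": 0.10}
STEP_UP_AT, DENY_AT = 0.30, 0.75

class Profile:
    """Per-user historical baseline: how often each attribute value was seen."""
    def __init__(self):
        self.seen = {attr: Counter() for attr in WEIGHTS}

    def rarity(self, attr, value):
        """0.0 = always seen for this user, 1.0 = never seen before."""
        total = sum(self.seen[attr].values())
        return 1.0 if total == 0 else 1.0 - self.seen[attr][value] / total

    def learn(self, event):
        for attr in WEIGHTS:
            self.seen[attr][event[attr]] += 1

def normalize(raw):
    """Reduce a raw request to the scored attributes (hours in 6-hour blocks)."""
    return {"device": raw["device"], "country": raw["country"],
            "resource": raw["resource"], "hour_block": raw["hour"] // 6}

def risk_score(profile, raw):
    event = normalize(raw)
    return sum(w * profile.rarity(a, event[a]) for a, w in WEIGHTS.items())

def evaluate(profile, raw, mfa_passed=False):
    """Run on every interaction with a protected resource, not only at log-in."""
    score = risk_score(profile, raw)
    if score >= DENY_AT:
        return "deny"
    if score >= STEP_UP_AT and not mfa_passed:
        return "step_up"            # the only point where the user is interrupted
    profile.learn(normalize(raw))   # trusted activity refines the baseline
    return "allow"

def build_baseline():
    """Constructed sample history: 20 routine working-hours requests."""
    profile = Profile()
    for i in range(20):
        profile.learn(normalize({"device": "laptop-1", "country": "US",
                                 "resource": "crm", "hour": 9 + i % 3}))
    return profile

# Constructed sample requests: routine, unusual-but-plausible, far off baseline.
ROUTINE = {"device": "laptop-1", "country": "US", "resource": "crm", "hour": 10}
UNUSUAL = {"device": "laptop-1", "country": "US", "resource": "payroll-export", "hour": 3}
OFF_BASELINE = {"device": "phone-9", "country": "XX", "resource": "payroll-export", "hour": 3}
```

Because `evaluate` learns only from requests it has allowed, a session that was denied or left waiting at step-up never shifts the baseline toward the suspicious behavior.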

While these principles are fairly straightforward, the path to adaptive IAM will not necessarily be a quick or easy one. First and foremost, companies must rethink their approach to security to take into account the way their employees are interacting with company data. Employees are no longer accessing information on one central server from the PC in their cubicle; they are interacting with it at home, on the go and from a pool of devices that grows every day. Nearly as important as this shift in perception for companies, however, is the need for security vendors to develop solutions that meet this new state of mind, and to provide a smooth migration path for customers.

In reality, we are likely a few years from this IAM ideal, but progress is being made and more importantly, the charge has been set forth. IAM solutions must adapt as fast as the rapidly changing threat scenarios they protect against. By implementing an IAM solution that is adaptable, intelligent and dynamic, we can establish effective, situational perimeters around the borderless enterprise and arm ourselves for the front lines of today's cyber security battle.

Sam Curry

Sam Curry is CSO at Cybereason and is a Visiting Fellow at the National Security Institute. Previously, Sam was CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at MicroStrategy in addition to holding senior security roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC as Chief Technologist and SVP of Product. Sam also has over 20 patents in security from his time as a security architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs.
