Two-thirds of enterprises were breached an average of five or more times in the past two years. The technology of the past – including firewalls, virtual private networks (VPNs) and anti-virus software – has proven to be an ineffective form of protection.
As a result of these breaches, nearly six billion data records were lost or stolen in the past few years. That's an average of over 165,000 records compromised every hour!
In order to safeguard our important assets and reduce the risk of breaches in the midst of this new threatscape, we must rethink how we approach security – and we need to do it now. The global mobile workforce will reach 1.87 billion by 2022 – or 42.5 percent of the entire global workforce. And the more employees use the cloud to access data remotely, the greater the risk. Statistics paint a bleak picture for organizations with a static perimeter-based security method of the past. Cybercriminals take aim at identities, from all types of users; from employees and partners, to privileged users and vendors. These identities are easier to steal than ever before – and traditional security measures, like passwords, prove no match for these attacks.
Nearly two-thirds of all recently confirmed data breaches involved weak, default or stolen passwords. Cybercriminals have many resources at their disposal to get their hands on both end-user and privileged user identities. Targeted social engineering attacks allow hackers to manipulate individuals into disclosing sensitive information by impersonating a trustworthy source. Two subsets of social engineering attacks – phishing and spear-phishing – trick individual employees and enterprises into opening a malicious link and disclosing sensitive information.
The boundaryless hybrid enterprise is not protected against breaches. It's time for a massive rethink of security, because we need to move towards next dimension security.
Next dimension security adapts as new threats emerge. Cyberthreats are constantly getting more targeted and sophisticated, and static security methods of the past simply can't keep up. Next dimension security expands as your enterprise continues to incorporate cloud, mobile, IoT and other technologies – a seamless defense effortlessly following users as they work across applications, tools and environments.
Identity services automatically provision user accounts, seamlessly manage and authorize access with context-aware controls, and record activity. Identity services control access by all users – from employees to contractors to partners and privileged users – to the information and apps that are appropriate for their role and function. Next dimension security protects access to applications and infrastructure for all users, from any device, anywhere.
Adopting identity and access management (IAM) best practices significantly reduces the likelihood of a data breach enabling secure access to applications and infrastructure – from any device and for all users inside and outside of your enterprise. Additionally, the more mature your enterprise's IAM practices and technology, the more security, productivity, transparency and efficiency benefits you can expect to achieve.
In a Forrester IAM maturity study, a key marker of IAM maturity is preventing unauthorized use of privileged accounts – Forrester predicts that 80 percent of breaches involve privileged credentials. Centrify Identity Services helps your organization consolidate identity, authentication and access management across over 450 platforms – including Linux and UNIX. Privilege elevation security, based on roles and responsibilities, is swift and seamless. Secure remote access enables you to secure all administrative access, regardless of location, with context-aware MFA.
As both enterprise cloud usage and the number of mobile workers continue to increase, it is more critical than ever for your company to be able to secure all the applications integral to your business.
With Centrify Identity Services, you can deploy single sign-on to thousands of preconfigured web and mobile applications and add new applications in a matter of seconds. Centrify Identity Services also strengthens security for cloud and on-premises applications with adaptive multifactor authentication (MFA) that enables you to choose your authentication methods and elevate privilege based on real-time user risk scoring from the Analytics Services. Integrated Enterprise Mobility Management (EMM) provides IT administrators with a single portal to manage users and mobile devices and promotes context-aware access to all of your enterprise app and infrastructure.
Rethinking your approach to security can keep your enterprise's complex digital canvas of identities protected in the age of access. It's time to redefine security from a legacy static, perimeter-based approach to protecting millions of scattered connections in a boundaryless hybrid enterprise through the power of identity services. It's time to take action.
By David McNeely,
VP of Product Strategy