When it comes to protecting your data in the cloud, external hackers are often the first risk that comes to mind. Whether you picture someone breaking through a firewall or a malicious party infecting you with a virus—the emphasis is usually on a breach of your security perimeter.
While external security is important, it also means that many organizations are overlooking a key issue—security breaches that originate from within.
Internally caused breaches are on the rise
According to a Forrester Research survey, internal breaches are the most commonly occurring cause of security incidents. Almost 40% of network security decision-makers indicated they had experienced an internal security breach in the past year.
While some employees intentionally commit their crime, there are also thousands of serious incidents that have been caused by stolen or misused credentials. Verizon’s 2017 Data Breach investigation found that 80% of hacking-related breaches leveraged stolen or weak employee credentials.
High profile examples include:
- Three Mobile: the personal information of more than 130,000 customers was compromised after a hack was carried out with a stolen employee password.
- Target: payment and personal information for 110 million Target customers was leaked after credentials were stolen from a HVAC vendor (who alarmingly had access to financial systems).
- Anthem Medical Insurance: hackers stole the personal information of over 78 million customers after obtaining technical staff credentials via an email “phishing” attack.
These enterprises had gone to great lengths to ensure the security of their systems. Despite their efforts, they were all let down by internal processes related to identity and access management, along with an inability to detect abnormal employee behavior.
What is Identity and Access Management?
Identity and access management is the process responsible for managing the users who make use of IT services, data or other assets. Its role is to make sure that users “can access the right resources at the right times and for the right reasons.” These processes can also serve to identify behaviour that is out of the ordinary.
Measures implemented as part of an effective identity and access management process could have assisted in preventing the hacks listed above. For example, a two-factor authentication system could have prevented the Three Mobile and Anthem Medical Insurance breach. Access management processes would also have prevented a HVAC vendor accessing financial information.
Why is it not being implemented?
With too many applications to access, employees resort to writing down passwords. This increases the likelihood that their credentials will be compromised.
Given the important role identity and access management plays in security, it’s surprising that many companies do not have adequate procedures in place. There are a myriad of reasons as to why:
- Focus on perimeter security: Enterprises are focusing on fortifying their perimeter, with less attention paid to internal processes.
- Vendor management: It can be difficult to properly assess the access management practices of vendors while balancing security with efficiency.
- Complexity of Enterprise IT: More applications are being used than ever before, including third-party cloud applications. The growing complexity makes implementing access management processes difficult.
- Poor password management: With too many applications to access, users start to write down / share credentials, increasing the risk of careless behaviour and opportunities for theft.
How can you protect your business?
When moving to cloud-based operations, it’s extremely important that you don’t neglect identity and access management processes. At a minimum, your identity and access management processes should include:
- Security monitoring: Processes in place to notify you if suspicious activity is detected.
- Entitlement management systems: Applications that streamline entitlement management procedures.
- Single sign-on: One log-in that enables users to access their applications and improve password management processes.
- Two-factor authentication: In addition to a username and password, two-factor authentication requires something accessible only to the user, such as a personal phone message.
- ISO 27001 certification: Validation that the provider adheres to international best practices for the protection of information, and that your processes are in compliance.
Are you managing access?
As we’ve seen, even the most secure organizations are vulnerable to breaches. To ensure our customers are safe, FuseForward built FuseSecure: a comprehensive, multi-layered approach to security that has made access management a key pillar of its design. We incorporate the features above in every cloud environment we deliver.
FuseSecure provide the security you need to secure workloads in one service, which we proactively manage and operate.
If you’re concerned about your identity and access management processes, don’t wait until it is too late to address them. Contact us us below today. We’re passionate about security and are happy to provide answers to any questions you might have.