Identity Access Management – Securing every Industry
One of the most effective ways for a business to protect its user identities is by reducing the risk of unauthorised access and removing the need to remember passwords.
Multi-Factor Authentication (MFA) and Single Sign-On (SSO) are the easiest and most common methods to reduce unauthorised identity risk.
MFA provides a strong and secure, easy-to-use security posture for staff, consultants, vendors and other third parties accessing company data. It ensures only trusted users and trusted devices can access this data and its applications.
Multi-factor authentication adds a second layer of security to an identity by essentially authenticating that identity against 2 of the 3 methods:
- Something you know (e.g. Password).
- Something you have (e.g. Mobile device or token).
- Something you are (Biometrics).
Verifying your identity using a different factor (like your phone or another device – something you have) prevents anyone but you from logging in, even if your password is compromised.
SSO integrates well with MFA because once a user has been authenticated with multiple factors, a business can more confidently assume that the user is who they say they are. The user can then access all of their enterprise cloud applications securely by logging into a web portal once, saving time and increasing productivity.
Threat Intelligence is available from a number of Government bodies, such as Australian Cyber Emergency Response Team (AusCERT), U.S. Computer Emergency Readiness Team (US-CERT) and the SANS Internet Storm Center.
Open source options such as the Open Threat Exchange and IBM’s X-Force platform provide publicly available feeds. These are often sponsored by a Vendor but made publicly available.
End User and Industry led sharing
A number of end-user (industry) led Threat Intelligence sharing platforms have arisen in recent years. One such example is the Financial Services Information Sharing and Analysis Center (FS-ISAC). These ISAC options can provide similar outcomes to commercial threat intelligence options at a cheaper or comparable price point. Such options fall into three generic categories:
- Public — Open to any organization or individual that wants to join (and contribute).
- Organisations and industry-led — ISACs are the best example of an industry, such as finance, that supports the creation of specialized capabilities that work to secure and reduce cyber risks in their industry verticals.
- Private — Often invite-only and are not known to the public. These are private sharing platforms sharing information behind closed doors.
We believe in a zero trust approach when it comes to user authentication.
This means that we verify every user, because we have to assume that we can’t separate the “good guys” from the “bad guys.” Traditional approaches that focused on establishing a strong perimeter to keep the bad guys out no longer work. Resources (data, applications, infrastructure, devices) are increasingly hybrid or outside of the business perimeter entirely.
With Zero Trust, no actor can be trusted until they’re verified. It’s a holistic, strategic approach to security that ensures that everyone and every device granted access into a business is who and what they say they are.
The 3 elements of zero trust are:
- Verifying every user
Making sure people are who they say they are may sound easy, but when an organisation relies on only one verification method, such as SSO, it may improve certain aspects of a security gap, but not all. SSO is best balanced with other technologies like multi-factor authentication and behavioural analytics to ensure that the user is properly verified and that their interaction with the environment has a baseline. Once there is a deviation, an employee may be blocked until they are again verified.
- Validate every device
Ensuring the user has a safe device within the network can get complicated, with the proliferation of different operating systems, versions, and corporate-owned and privately owned devices. What if a user device, irrespective of what device it is, could be validated against an adaptive MFA solution? When MFA-supported passwords are combined with a level of mobile device management, the right policies are put on the device and locked in place, and the context of the device (where it’s used, what browser it has, etc.) is understood, it can be considered safe. Once confirmed as a safe device, an access decision can be made.
- Intelligently limit access
It is important to consider a least privilege stance when granting access to different user roles. The idea is to understand what is required for that user to accomplish their job tasks. One needs to ensure that from day one the user is set up with the application and account access they need to fulfil their job roles. When they change roles, their access likewise changes to fit their new job, or if they leave, those privileges are automatically revoked. It is essential that all these capabilities are integrated and work together so they can be applied in real time without adding delays.
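The three checks above, together with the "2 of the 3" factor rule from the MFA description, can be combined into one access decision. The following is an added example, not Secure-ISS code; the factor names, roles, applications and decision labels are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Factor categories are the three named on the page; the factor names are constructed.
FACTOR_CATEGORY = {"password": "know", "pin": "know", "otp_token": "have",
                   "phone_push": "have", "fingerprint": "are"}

# Hypothetical role-to-application entitlements (least privilege).
ROLE_APPS = {"finance": {"erp", "payroll"}, "engineer": {"git", "ci"}}

@dataclass
class Request:
    role: Optional[str]            # None once the user has left the business
    factors: List[str]             # factors presented at login
    device_managed: bool           # enrolled in mobile device management
    device_compliant: bool         # required policies present and locked in place
    deviates_from_baseline: bool   # behavioural analytics flagged this session
    app: str                       # application being requested

def user_verified(factors: List[str]) -> bool:
    """True only if the factors span at least 2 of the 3 categories."""
    categories = {FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY}
    return len(categories) >= 2

def decide(req: Request) -> str:
    """Apply the three zero trust checks in order; the first failure decides."""
    if not user_verified(req.factors):
        return "deny_user"
    if req.deviates_from_baseline:
        return "reverify"          # blocked until the user is verified again
    if not (req.device_managed and req.device_compliant):
        return "deny_device"
    if req.app not in ROLE_APPS.get(req.role, set()):
        return "deny_access"       # outside the role's entitlement, or role revoked
    return "allow"

if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        Request("finance", ["password", "phone_push"], True, True, False, "payroll"),
        Request("finance", ["password", "pin"], True, True, False, "payroll"),
        Request("engineer", ["password", "fingerprint"], True, False, False, "git"),
        Request(None, ["password", "otp_token"], True, True, False, "erp"),
    ]
    for s in samples:
        print(s.role, s.factors, "->", decide(s))
```

A password plus a PIN is rejected because both are "something you know", and a user whose role has been removed is denied every application even with valid factors and a compliant device.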
According to a recent Forrester study, companies that adopted the Zero Trust approach were twice as confident in their ability to bring new business models and customer experiences to their market.
Managed Detection and Response is part of our 'Cyber Security' solution.
How can Secure-ISS assist?
Secure-ISS can assist your organisation with assessment and implementation across the plethora of threat intelligence platforms.
If your internal capability is not resourced to make the most of a Threat Intelligence platform or feed, Secure-ISS offers a number of Managed Security Services (which include various Threat Intelligence feeds and suppliers) to reduce your organisation’s threat surface and overall business risks.