This week in Identity Management, GDPR & Cybersecurity | 5.24.2018

Posted: 
May. 24th, 2018

Data Security Solutions44% of data breaches in the last year involved privileged identity according to global Balabit research report  

Solutions such as privileged access management (PAM) can help. Unlike traditional security systems, which see IT managers relying on manual methods of privileged user management, PAM provides replicable processes to track and manage privileged credentials. When it comes to an effective security strategy, there are three pillars of defense that need to be taken into account. The first line of defense should be Password Management tools which protect privileged credentials. The second should be Privileged Session Management, which continuously monitors privileged accounts to identify anomalous activity. The third pillar should then be Privileged Account Analytics, a continuous verification of users, based on behavior. Security teams can then identify whether a privileged account has been hijacked or if a trusted insider has turned malicious.  Read more...

 

Five recommendations for effective cloud security

Identity management ensures the right individuals are able to access the right resources at the right time, for the right reasons. One of the tricks for identity management in the cloud is to integrate and apply it everywhere possible—across users, groups, roles, system, service accounts, and SSH key management.  In cloud environments, identity management can be a versatile and reliable security control. Done properly, identity management creates a win/win for both users and security. Users benefit from quicker access to the resources they need, ultimately boosting productivity.  Read more...

 

Insider Threat Controls: What Are the GDPR Implications?

At this point, you are likely well-versed on the implications of GDPR for your business. One element is allowing customers in the European Union (EU) to express consent about the management of their personal data, which ties into consumer identity and access management (CIAM), a specific segment within the identity space. CIAM systems typically collect attributes like name, email address, social network accounts, age, gender and location. But without the user’s explicit consent, the collection of this type of data will likely violate GDPR.  Read more...

 

IoT needs to adhere to robust policies to avoid security risks

Identity management on the IoT network is different from the workforce or customer identity management. It demands a different and scalable solution with end-to-end encryption to minimize the risk of rogue devices and Man in the Middle attacks. With IoT, security is too important a feature to treat as an afterthought.  Currently, while IoT frameworks do have some level of security, it is insufficient to handle sophisticated and highly probable attacks. This means that the risk of hackers and eavesdroppers is huge.  Read more...

 

How Integris Health fortified data security with identity governance

"Identity governance allows us to align our policies and establish consistent, centralized access controls across the enterprise," Landers explained. "For example, we have contract nurses and therapists who are constantly coming and going and need access to systems and information to do their jobs. It's important for employees to have the proper access needed, in a safe and secure way, and it's also important for us to have visibility into user access across our applications."  Read more...

 

How to counter escalate cyber threats with security architecture

Chief information security officers (CISOs) and other information security executives increasingly find themselves in the line of fire, and not just from cyber attackers.  These security professionals are being bombarded with escalating demands and expectations from CEOs and corporate boards who find their digitally dependent organizations at significant risk from a wide variety of cyber threats.  As if these responsibilities weren’t enough of a burden, many CISOs face a frightening reality, their existing security tools and procedures are straining and breaking under the pressure of today’s network speeds and data volumes, leaving their enterprise exposed to cyber threats and malicious behavior.  Read more...

 

Cracking 2FA: How It's Done and How to Stay Safe

Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security. Multi-factor authentication is common but hackable. If you haven't implemented 2FA, there's a good chance you're in the process. It's a growing best practice, especially in the workplace where growing stores of sensitive data demand employees strengthen their login security. But 2FA isn't a guaranteed shield against cyberattacks. Read more...

 

The Cyber Security ‘Perimeter:’ Has It Simply Vanished?

The advent of cloud computing and mobile technology, along with practices such as bring your own device (BYOD), etc., have forced security professionals to approach their defense from a different angle.  Always at the back of their mind, it seems, lies the threat of a mega-breach – meaning immediate impact on the bottom line, tarnished brand reputation and all other components of a “crisis.” However, practices such as Identity and Access Management (IAM), Privileged Access Management (PAM), User Behavior Analytics (UBA), and more, have become crucial for the day-to-day operations of the security operations center (SOC). One must protect the entire grounds instead of simply ensuring that the moat is sufficiently soggy. Read more...

 

Author Information