The ever changing cyber security threat landscape is high on the IT agenda for enterprises as they attempt to deal with numerous threats and attacks. One area constantly under attack and a rapidly growing risk is user identities, numerous phishing scams, key loggers and social engineering are all attempts to compromise a user’s identity and their security credentials.
It is no surprise, organisations work very hard to secure their perimeters, applications and data, making it difficult for hackers, malware and malicious payloads to get onto a network and create havoc, however stealing valid user credentials is seen as easy prey and can circumvent much of this security. If you can get appropriate user credentials and logon to a system with valid identity then not only do you have access to all of the systems and information that user can access, you can do it almost undetected, valid user, doing valid things and when you spot that this user is carrying out unusual activity it can be too late.
The risk posed by the theft of credentials and identity is significant, how then do we protect ourselves, how do we build a security stack that is capable of providing robust identity management, securing user credentials and stop us being victims of an identity-based attack?
That is what we cover on this week’s podcast with my two guests, who I came across after reading some excellent blogs on the topic from my first Guest Amy Stokes Waters who is joined by her colleague Shelley Hill, who both work for identity security company, Identity Experts and provide some brilliant insights into this complex area.
We begin by understanding the component parts of our system identities and why we need to discover who has access to our systems and what they are doing. We also chat about why identity management goes beyond technology and how building strong identity security needs us to take a wider view of how we manage user credentials within an enterprise.
We discuss why automation of processes and management is going to play a significant part in the identity security model as well as the increasing importance that intelligence and analytics will play in offering effective identity control.
Shelley and Amy share some thoughts on both the importance of multi factor authentication and the importance of encouraging our users to not only operate this technology in the enterprise, but also on their own consumer technologies and social applications. Amy also shares the risks that we introduce by maintaining “legacy” authentication methods.
We also explore how to effectively deploy security and how by using intelligence with capabilities such as conditional access, we can build strong identity security, but do so by not being intrusive to our users as we try to get the difficult balance between security and productivity.
We wrap up with Amy and Shelley sharing some ideas on how to effectively begin building your identity management platforms, from using tools that may already be available to you, documenting your current procedures and building an understanding of your identity maturity.
This is a fascinating topic and something that many enterprises are only just beginning to understand and start to address, if you want to learn more you can find Amy and Shelley on LinkedIn including these excellent blogs from Amy, Securing your digital transformation: Identity and Securing your digital transformation: Data.
Tech Interviews is heading off on its summer holidays, but will be back later in the year with some new shows, but in the meantime, if you have an idea for the show then email firstname.lastname@example.org
Have a great summer, thanks for listening.