Identity is the new battleground – CyberArk

Hello everybody. Let us picture a scenario from five years ago. Most businesses had traditional IT setups. Digital was not a far cry, but it was not yet the reality it is today. Some businesses were migrating towards cloud and mobile. But even then, the speed of digital and cloud migration was a lot slower than it is today. A strong security perimeter housed the resources that needed safekeeping. The belief simply was that if our perimeter is secure, malicious intent stays out.

Over the last five years, technological advancements and health, business, political and economic conditions have driven a shift towards cloud, digital and mobile at a far greater pace. This means that today the resources that need safekeeping are no longer captive on our premises. They are either hybrid or completely outside the perimeter. In addition, not all users are on office networks. They are increasingly accessing these resources (applications, assets, services, information) through public and home networks. These alternate approach paths offer an attack path to the organisation’s assets.

The time when IT admins were considered privileged lies in the distant and not-so-distant past. More recently, however, ‘privilege’ has been extended to other identities. Depending on its role in a given context, a privileged identity could be our own remote user, a vendor, a customer, a device or an application.

Let us understand what is happening here and what is at stake. Organisations want to deliver better services to employees and customers, stay ahead of competition, and stay relevant in today’s technological context. To achieve this, an increasing number of organisations will go digital and embrace cloud and mobile. This means three things are on the rise:

  1. Number of applications that users need to do their job.
  2. Number of identities that an organisation needs to secure.
  3. Number of networks connecting users to organisational systems.
  4. Number of attack paths to an organisation’s sensitive resources.

Now imagine a context in which an individual has to memorise a multiplicity of IDs and passwords to access resources through multiple apps via multiple networks. An organisation will work towards securing all the apps and identities through the use of IDs and passwords. And the users, to save themselves the trouble of maintaining multiple passwords, will come up with passwords that are weak, common or reused across various applications. As a CISO you now have a risk staring at you.

At Erasmith we realise that the problem definition expands from here. It is because the number of users with access to highly sensitive resources through the apps they use is on the rise. So a clever organisation would not just want to secure identities and credentials, but also sessions.

Maintaining multiple credentials (ID & password) to access multiple applications and websites would be nightmarish. This is where the single sign-on (SSO) authentication method comes in. It enables users to securely authenticate with multiple applications and websites by using just one set of credentials.

The SSO solution we deploy has three features that are of use here:

  1. It is a password-free SSO solution for securing identities and credentials for individuals.
  2. When a team uses a shared password, the workforce password management feature of the SSO comes into play.
  3. Moreover, when an individual or multiple individuals have access to super sensitive resources, the secure web sessions feature of the SSO is used.

But wait. Password-free SSO? Did we mention that right? Yes we did. We deploy this SSO solution for our customers’ systems. It works well on on-premise, hybrid and cloud instances. The system requires the user to authenticate to the application with advanced MFA, such as scanning a QR code followed by biometric authentication. If the SSO solution trusts the person logging in, it streamlines the user’s access across multiple applications. If it senses any suspicious activity through its AI capabilities, it uses automation to block whoever is trying to get in.

You may ask how the SSO solution knows whether the person logging in using a QR code is legit. This particular SSO has inbuilt capabilities to use behavioural and contextual analytics. It can therefore assess risk and automatically adapt its access control. Once an individual user has been authenticated at the workstation level, the SSO knows that the device they are using is trusted. So for the SSO this is a low-risk session.

How about when a team is using a shared password for a particular app or apps? Attackers look to exploit a vulnerability like that. This is where this SSO’s Identity Workforce Password Management feature comes in handy. The SSO provides a portal where all such apps are housed. Only once the users accessing such an app have been authenticated, and the session has been identified as low risk, are they brought to this portal. The SSO solution leverages machine learning and AI to ensure that it adds extra layers to the process for users only when a true risk has been identified.

Let us look at a third scenario, in which a non-privileged or common user gets access to one or more high-risk apps that provide access to sensitive information. For example, an HR back office checking personal records. This again becomes a high-risk situation – exactly something that an attacker is waiting for.

This is where this SSO’s Identity Secure Web Sessions feature steps in. Apps that have an extra layer of protection for secure web sessions are at much lower risk here. The moment a user steps into an app like that, the SSO first checks if the browser extension is in good condition. Furthermore, it lets the user know that her or his activity is being recorded.

Traditionally you have had to comb through thousands of logs to gain insights into a potential security incident that took place in an app session. But with this SSO’s Identity Secure Web Sessions you get streamlined access to all the intel you need.

Attacks and threats are a constant in today’s world. Consequently, there are only two types of organisations — those who have lost data, and those who will. Which of these are you?