Back in the old days, information security was straightforward. As in pioneer times, you protected the perimeter to ensure the centre stayed safe. Entry and exit points were clearly defined and formally guarded, so only authorised personnel gained access. While there were occasional breaches, this security model was strong.
That model is now collapsing. Security breaches are frequent and often massive.
In March, Premera Blue Cross revealed that a cyber-attack that may have compromised customer data, including bank account and clinical data going back to 2002, affecting 11 million people. While definitive details are still unavailable, it is widely suspected that the hackers gained access to unencrypted information through compromised identity credentials. Over-dependence on passwords for protection has played a role in many major security breaches during the past year, including eBay and JP Morgan. A New York Times report last year noted that hackers were able to steal information about more than 83 million JP Morgan Chase customers after obtaining the credentials of a JP Morgan employee with privileged access to servers containing that customer data. The scale of these attacks is breathtaking: Even more disturbing is their cascading consequences if the stolen identity data is used to fuel future privacy invasions.
So if compromised identity is the cause of the problem, what can you do to protect it?
Firstly, we need to define the problem. At the moment, the identities stored on our enterprise networks are protected only by a flimsy password. As noted above, compromised passwords have caused catastrophic security ruptures for tier one organizations during the past year. The problem with passwords is they are impossible for employees to use effectively. With each of us requiring dozens if not hundreds of passwords in our personal and professional lives, it is inconceivable that any employee can remember all of these, make them all unique and not simultaneously despair at having to reset them every 90 days.
The bottom line is that our dependence on password-only protection — regardless of the complexity of the password — now actually undermines our security.
The next step is to identify how we can move on to post-password protection. Fortunately, Identity and Access Management (IAM) is clearly established as a specialist area. Leveraging existing identity infrastructure, such as Microsoft Active Directory, IAM can deploy single sign-on (SSO) technologies to greatly reduce the number of passwords that users require. This must be combined with multi-factor authentication to remove our reliance on the currently prevalent “plain old passwords can get you into anything” approach that is the cause of so many breaches. Combined with enforceable policies such as Least Privilege Management – which only gives users the access required for their organizational roles — enterprises can significantly lower the risk of security breaches.
The third, and most important step, is to choose the right partner to provide the infrastructure that frees your organization from its password dependence. Identity and Access Management is too important to entrust to a generalist, even where that is a trusted provider such as your IT department or legacy technology suppliers. It only takes one mistake — the weakest link in the chain — to expose your organization to massive financial cost and reputational damage.
Centrify Corporation, the leader in unified identity management across cloud, mobile and data center, is trusted by more than 5000 customers worldwide, including nearly half of the Fortune 50 and more than 60 Federal agencies. Centrify’s unified identity management software and cloud-based Identity-as-a-Service (IDaaS) solutions leverage your organization’s existing identity infrastructure to enable single sign-on, multi-factor authentication, privileged identity management, auditing for compliance and enterprise mobility management. As a result, Centrify customers can typically reduce their total cost of identity management and compliance by more than 50 percent, while improving business agility and overall security.
Identity and Access Management is too important to entrust to a generalist. Only a proven specialist partner such as Centrify can provide the protection you need in a world where there’s no perimeter to protect.