Recently, Illinois Governor Bruce Rauner unveiled a broad-based cyber security plan. He announced the framework of his team’s plan for better cyber security, but it only covers the executive branch agencies.
This approach of only implementing a plan to provide cyber security tools to select areas and users because they are deemed more important is known as a “privileged user.”
This is only a partial solution because everyone in the organization is a “super user” in today’s technology driven organizations — everyone has a need to access technology that contains some level of meaningful information. All technology in organizations are important and all users have privilege to gain access to the network at some level.
This security issue is significantly increased by each user ID and password that each associate needs to do his or her job. Moreover, in today’s world the need for access doesn’t only lie behind the firewall — it is everywhere that an associate, consultant, supplier, vendor or partner has a laptop or smartphone.
Implications of a Partial Identity Solution
To provide some frame of reference, think of a relatively small organization that has 1,000 associates with 30% of them working remotely, each having on average four user IDs and passwords. That is 4,000 opportunities for an identity to be compromised. Think about state, federal or commercial organizations with tens of thousands of people: they have user IDs and passwords that count in the millions for employees that work on-premise and remotely.
This is important to recognize because history has shown that the vast majority of data breaches are caused by compromised credentials. If an organization decides to provide cyber security to only part of the organization and to select users, then that leaves an extremely large risk surface. It exposes an organization’s infrastructure and applications at every level. Once a good hacker compromises just one identity, he or she can then infiltrate an organization and move laterally and horizontally through it.
Too many organizations take the same approach that Governor Rauner’s plan has taken to cover only part of the organization and a select group of users — this does not set them up for success.
A far better approach is to implement a complete platform built on a common architecture that leverages standard technology used today to secure access to infrastructure and applications from any device for all users.
Learn about Centrify ‘s extensive history of delivering a comprehensive solution for the federal market here.