Identity and access lifecycle management is the core of any manual or automated Identity and Access Management (IAM) process, and an important element in helping businesses counter cyber attacks. IAM is vital because 99% of attacks that result in malware infections require some degree of human interaction (Source: Proofpoint). If your business enforces stricter authentication and authorization for access to its data, you are already reducing your risk of being attacked.
The risk of account compromise posed by both insider and outsider threats requires organizations to act swiftly to put a robust identity and access lifecycle management process in place and keep cyber attacks at bay. The ultimate goal is to properly control and manage access to the most important parts of the business, ensuring that employees have access only to what they need to perform their job duties.
Some in the industry use the term ‘Single Sign-On (SSO)’ interchangeably with effective account and access management, but the two are not the same. Although SSO is a good way to improve user experience, it is only a subset of access management. IAM is still required when SSO is used, and is often considered even more important then, because a single credential now opens many systems.
Organizations can follow these steps for better identity and access lifecycle management:
Clearly define your organization’s access control model and make sure you have all the elements needed to implement it. Determine the permissions required for each application, network, shared drive, and storage location.
The National Institute of Standards and Technology (NIST) recommends the use of passphrases and the elimination of forced password expiration, a policy that leads to poor cybersecurity practices among employees at many companies. To leverage this recommendation effectively, your organization must define, communicate and implement multi-factor authentication and a strong passphrase process that ensures common and compromised passphrases are not used.
Apply the ‘least privilege principle’ when onboarding new employees and provisioning their access; this ensures that they have access only to what they need. It is important to ensure that the provisioning process exists and is being followed properly. Ensure that the access of promoted or demoted employees is also monitored and changed accordingly.
We hear these terrifying stories all the time – an employee leaves, yet their access to vital systems and information remains the same! This is extremely dangerous and can lead to classified or proprietary information being changed, or even stolen, by a user whose access was never revoked. The deprovisioning process within IAM is as critical as every other phase of the user’s identity and access lifecycle.
Performing regular audits of your users’ identities and access privileges is the best way to ensure that your process works and is being followed by employees. Most importantly, it helps keep your organization safe against cyber attacks and internal threats. Audits frequently turn up dormant accounts that are still active, so let’s make sure we find those gaps before bad actors do.
Euclid Security recommends that audits occur at least quarterly, with an emphasis on checking approved privileged accounts.
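As an added example (not code from the Euclid Security post), the Python check below runs the audit step described above over a constructed directory export and a constructed HR roster, flagging the three lifecycle gaps the steps call out: enabled accounts belonging to people who have left, dormant accounts that are still active, and privileged accounts with no recorded approval. The 90-day dormancy window and the roster/export field names are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

DORMANT_DAYS = 90  # assumed threshold; the post sets no specific number

@dataclass
class Account:
    user: str
    enabled: bool
    privileged: bool
    priv_approved: bool         # privileged access has a recorded approval
    last_login: Optional[date]  # None means the account has never logged in

def audit_accounts(accounts: list, hr_roster: dict, today: date,
                   dormant_days: int = DORMANT_DAYS) -> dict:
    """Compare a directory export with the HR roster and group findings by
    the lifecycle gap they point to. Disabled accounts need no action."""
    cutoff = today - timedelta(days=dormant_days)
    findings = {"deprovision": [], "dormant": [], "unapproved_privileged": []}
    for acct in accounts:
        if not acct.enabled:
            continue
        hr = hr_roster.get(acct.user)
        # Deprovisioning gap: still enabled although the person left or was never in HR.
        if hr is None or hr["status"] != "active":
            findings["deprovision"].append(acct.user)
        # Dormant but still-active account: no login inside the window.
        if acct.last_login is None or acct.last_login < cutoff:
            findings["dormant"].append(acct.user)
        # Privileged access with no approval on record: review these first.
        if acct.privileged and not acct.priv_approved:
            findings["unapproved_privileged"].append(acct.user)
    return findings

TODAY = date(2024, 6, 30)
HR_ROSTER = {  # constructed HR status feed
    "alice": {"status": "active"}, "bob": {"status": "terminated"},
    "carol": {"status": "active"}, "dave": {"status": "active"},
}
ACCOUNTS = [  # constructed directory export
    Account("alice", True, False, False, date(2024, 6, 28)),
    Account("bob", True, True, True, date(2024, 1, 15)),         # left in January, still enabled
    Account("carol", True, True, False, date(2024, 6, 29)),      # admin with no approval record
    Account("dave", True, False, False, None),                   # never logged in
    Account("svc-backup", True, True, True, date(2023, 12, 1)),  # service account unknown to HR
    Account("erin", False, True, False, date(2023, 3, 1)),       # already disabled, skipped
]

if __name__ == "__main__":
    for gap, users in audit_accounts(ACCOUNTS, HR_ROSTER, TODAY).items():
        print(f"{gap}: {', '.join(users) or 'none'}")
```

Feeding the same function a real HR feed and directory export each quarter turns the audit into a repeatable check rather than a manual review.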
To summarize, organizations large and small must take IAM seriously to thwart cyber attacks that leverage users’ permissions to cause harm. Cyber attacks are becoming ever more common, so you should take every precaution available to protect your data and business.
At Euclid Security we offer professional cyber security consulting services including auditing, vulnerability assessments, penetration testing, cyber security training, and much more. Additionally, if your business needs any help with identity and access lifecycle management, we would love to help out. Feel free to get in touch for a no-obligation discussion.