
Gartner warns IAM professionals that cybersecurity depends on them

Australian Identity Access Management professionals are being urged to solidify identity as the foundation of their organizations’ cybersecurity posture, as mismanagement of significant exposures, including machine identities, puts many organizations at risk.

Speaking at the Gartner Security and Risk Management Summit in Sydney, Gartner Vice President Analyst Felix Gaehtgens argued that IAM practitioners should support investment in mature IAM projects centered on an identity structure approach within the organization.

Gaehtgens said organizations can build resiliency through better IAM hygiene. He warned against allowing technology providers to lock data into silos and use AI without first getting the right data. One suggestion is to adopt a product management approach to engage different stakeholders.

IAM is now at the heart of a mature cybersecurity posture

Over the past few years, IAM leaders have faced a fundamental shift in the identity landscape, Gaehtgens said. This is mainly because they now “expect to create centralized control in a fully decentralized world” to protect cybersecurity.

Gaehtgens said employees working from anywhere have eroded the value of traditional security controls at the perimeter, while assets, data and applications are now protected by different types of access controls – many implemented by third parties such as cloud providers.


“Boards ask three main questions to CISOs: ‘Are we secure?’, ‘Are we compliant?’ and ‘What about artificial intelligence?’” Gaehtgens said. “IAM is at the center of it all. This role is becoming increasingly important. Why? Because it is the safe center of the new world.”

The rise of machine identity

The growth of machine identities, in addition to human identities, has become a “big problem,” Gaehtgens said. Organizations today have 10 to 45 times as many machine identities as human ones, many of them extremely privileged, which makes them a huge, unmanaged cyber risk.

Organizations should put identity first with a mature IAM program

Gaehtgens said moving identity to the center of cybersecurity is key.

“Many of you have a lot of tools, but don’t really have a good, effective IAM program – this is your opportunity,” Gaehtgens said. “It’s the control plane and foundation of cybersecurity – that’s where the focus needs to be.”

IAM programs should make identity management “consistent, contextual, and ongoing” and be supported by IAM leaders who are willing to build relationships outside of IT.


Global regulations aim to protect personal data wherever it resides, including in databases, unstructured files, and data in motion or at rest, Gaehtgens said. In practice this means that while organizations have a vast array of tools, they need consistency in the access policies those tools apply.


Policy needs to be dynamic and situationally aware.

“Just because someone has access to a folder doesn’t mean they should be downloading 30 documents per minute – that’s not typical for a human and could be a sign that their account has been taken over by a bot,” Gaehtgens said.
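The behavioural check Gaehtgens describes (a download rate no human would sustain) is easy to express as a sliding-window rate rule over access logs. The example below is added here and is not code from Gartner or from any product; the log format, the user names and the 30-per-minute threshold are assumptions, and the log lines are constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy: more than THRESHOLD downloads inside any WINDOW is "not typical for a human".
WINDOW = timedelta(seconds=60)
THRESHOLD = 30

# Assumed log format: "<ISO timestamp> <user> <action> <object>" (one event per line).
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def build_sample_log():
    """Constructed sample log (not real data): one human-paced user, one burst."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    # alice: 6 downloads spread over 10 minutes, a normal working pace
    for i in range(6):
        ts = base + timedelta(minutes=2 * i)
        lines.append(f"{ts.isoformat()} alice DOWNLOAD finance/report-{i}.pdf")
    # bob: 40 downloads within 40 seconds, the pattern of a scripted bulk pull
    for i in range(40):
        ts = base + timedelta(minutes=3, seconds=i)
        lines.append(f"{ts.isoformat()} bob DOWNLOAD finance/doc-{i}.pdf")
    return "\n".join(lines)


def parse_line(line):
    """Return (timestamp, user, action, object) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, action, obj = m.groups()
    return datetime.fromisoformat(ts), user, action, obj


def detect_bulk_downloads(log_text, window=WINDOW, threshold=THRESHOLD):
    """Per-user sliding-window count of DOWNLOAD events.

    Returns {user: (timestamp_of_first_alert, peak_count_in_window)} for every
    user who exceeded the threshold; users at a human pace never appear.
    """
    recent = defaultdict(deque)   # user -> timestamps of downloads still inside the window
    alerts = {}
    events = sorted(e for e in (parse_line(l) for l in log_text.splitlines()) if e)
    for ts, user, action, _obj in events:
        if action != "DOWNLOAD":
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) > threshold:
            first, peak = alerts.get(user, (ts, 0))
            alerts[user] = (first, max(peak, len(q)))
    return alerts


if __name__ == "__main__":
    for user, (first, peak) in detect_bulk_downloads(build_sample_log()).items():
        print(f"ALERT {user}: {peak} downloads/min, first exceeded at {first.isoformat()}")
```

Feeding the detector the constructed log flags only `bob`, at 09:03:30, when his 31st download lands inside a single minute; `alice`, whose downloads are two minutes apart, never accumulates more than one event per window. In a real deployment the threshold would be tuned per role and per data store, and the alert would feed the adaptive-access decision rather than stand alone.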


The future will see continuous adaptive trust applied throughout the session. Gaehtgens said single sign-out is coming: the ability to terminate multiple sessions across systems in response to user events, which he expects to become the norm.
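The single sign-out idea above is a control-plane function: something central must know which sessions each identity holds on which system, and must decide, per event, whether to revoke all of them, some of them, or merely raise the risk score. The sketch below is an added example, not Gartner's or any vendor's implementation; the session broker, the event names and the two-strike risk rule are assumptions chosen to illustrate the pattern.

```python
from dataclasses import dataclass

# Assumed event taxonomy: which user events force a global sign-out, which are
# scoped to one device, and which only raise risk until a threshold is crossed.
GLOBAL_SIGNOUT_EVENTS = {"credential_reset", "account_takeover_suspected", "hr_termination"}
DEVICE_SCOPED_EVENTS = {"device_noncompliant"}
RISK_EVENTS = {"anomalous_activity"}
RISK_THRESHOLD = 2   # assumed: terminate once a session has accumulated two risk signals


@dataclass
class Session:
    session_id: str
    user: str
    system: str   # the application or IdP that owns the session
    device: str
    risk: int = 0


class SessionBroker:
    """Central registry of live sessions across systems (assumed architecture)."""

    def __init__(self):
        self.sessions = {}   # session_id -> Session
        self.revoked = []    # (session_id, system, reason): what each system's logout hook received

    def register(self, session):
        self.sessions[session.session_id] = session

    def sessions_for(self, user):
        return [s for s in self.sessions.values() if s.user == user]

    def on_event(self, user, event, device=None):
        """Apply the sign-out policy for one user event; return revoked session ids."""
        if event in GLOBAL_SIGNOUT_EVENTS:
            targets = self.sessions_for(user)
        elif event in DEVICE_SCOPED_EVENTS:
            targets = [s for s in self.sessions_for(user) if s.device == device]
        elif event in RISK_EVENTS:
            # continuous evaluation: raise risk on every session, cut only those past threshold
            for s in self.sessions_for(user):
                s.risk += 1
            targets = [s for s in self.sessions_for(user) if s.risk >= RISK_THRESHOLD]
        else:
            targets = []
        for s in targets:
            self._terminate(s, event)
        return [s.session_id for s in targets]

    def _terminate(self, session, reason):
        # In a real system this is a back-channel logout call to session.system.
        del self.sessions[session.session_id]
        self.revoked.append((session.session_id, session.system, reason))


if __name__ == "__main__":
    broker = SessionBroker()
    broker.register(Session("s1", "alice", "sharepoint", "laptop-1"))
    broker.register(Session("s2", "alice", "crm", "phone-1"))
    broker.register(Session("s3", "bob", "crm", "laptop-2"))
    print(broker.on_event("alice", "device_noncompliant", device="phone-1"))   # ['s2']
    print(broker.on_event("alice", "anomalous_activity"))                       # []
    print(broker.on_event("alice", "anomalous_activity"))                       # ['s1']
    print(broker.on_event("bob", "credential_reset"))                           # ['s3']
```

The point of the registry is that the decision is taken once, centrally, and pushed to every system holding a session for that identity; without it, each application would have to discover the risk event on its own, which is exactly the siloed state the talk warns against.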


To implement IAM initiatives, IAM leaders need to strengthen relationships outside of IT. Gaehtgens urges IAM leaders to learn the language of business, including finance and law, so that they can measure and communicate IAM in terms of business value and risk.


Adopting a product management approach makes it easier to achieve success. Gaehtgens said a product management approach to IAM projects is a trend that accelerates business value and delivery through a “highly cross-functional” style.

Focus on identity structures rather than IAM tools

Gaehtgens said that a more cohesive and architecturally sound approach to IAM management is needed in the future.

“Most organizations struggle to provide basic IAM functionality to humans and machines, even after years of investment and effort,” Gaehtgens said.

Adopting an Identity Structure Architecture Approach

Gaehtgens said an “identity fabric” approach can help IAM professionals take advantage of current opportunities and escape the constraints of vendor lock-in. He proposed a 10-principle framework that Gartner uses to guide clients in adopting the identity structure model (Figure A).

Figure A: Gartner’s 10 identity architecture principles allow organizations to build identity access management capabilities for a decentralized world. Image source: Gartner

These include an expanded scope that covers:

  • Machine identities, which are behind many “credential leak takeovers”.
  • Event-based connections instead of static batch analysis.
  • A composable “and in the long term, compostable” architecture that can be flexibly adapted as requirements change.

Using such topologies lets organizations separate functionality from individual tools through layers of abstraction, giving them centralized control in a distributed environment. The capabilities of the underlying tools are connected at a higher level so they can be orchestrated for different use cases.

AI capabilities can increase IAM team productivity

Artificial intelligence may take on certain aspects of IAM, such as account takeover detection and analysis of user entity behavior. It can also recommend appropriately sized access policies based on entitlement data, or help integrate applications with IAM services, including coding and configuration updates.

Gaehtgens warns that the data needs to be correct, and data management and engineering may become formal functions of IAM projects.

“As long as you also work on the necessary data management and data engineering dependencies, AI can provide some value,” Gaehtgens said.

Identity hygiene is the first line of defense in cybersecurity

IAM is “the first line of defense in reducing the number of alerts sent to your (security operations center),” Gaehtgens said. This means IAM professionals need to focus on identity hygiene to enhance prevention and detection, including machine identity.


IAM teams can start with lower-cost activities such as account presence checks (Figure B). However, Gaehtgens said that while Australia’s Essential Eight framework recommends addressing machine identity at maturity level 3, organizations should consider it before then.

Figure B: IAM professionals can undertake a range of activities to move their organizations closer to good identity hygiene. Image source: Gartner

He recommends being vigilant about IAM configuration.

“I’ve seen live IAM systems configured with privileged access to test content that was never deleted,” Gaehtgens said. “If someone gets wind of it, they can take over that IAM system and change the role to whatever they want.”
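The leftover privileged test access Gaehtgens describes is a configuration-hygiene problem that an inventory-driven audit can catch before an attacker does. The script below is an added example, not Gartner's or any IAM product's tooling; the role names, the naming convention for test principals, the 90-day staleness limit and the sample assignments are all assumptions constructed for the demonstration.

```python
import re
from datetime import date, timedelta

# Assumed: roles in this sample tenant that grant control over the IAM system itself.
PRIVILEGED_ROLES = {"owner", "admin", "iam-admin"}
# Assumed naming convention for test/demo principals, matched on word boundaries only,
# so "latest-service" is not flagged while "test-admin" and "poc.user" are.
TEST_NAME_RE = re.compile(r"(^|[-_.])(test|tmp|temp|demo|poc)([-_.]|\d|$)", re.IGNORECASE)
STALE_AFTER = timedelta(days=90)   # assumed: privileged access unused this long is a finding

# Constructed sample role assignments (not exported from any real system).
SAMPLE_ASSIGNMENTS = [
    {"principal": "alice@corp.example",      "role": "owner",     "created": "2023-01-10", "last_used": "2024-04-28"},
    {"principal": "test-admin@corp.example", "role": "iam-admin", "created": "2022-06-01", "last_used": None},
    {"principal": "svc-backup",              "role": "admin",     "created": "2023-09-15", "last_used": "2023-11-02"},
    {"principal": "bob@corp.example",        "role": "viewer",    "created": "2024-02-01", "last_used": "2024-04-30"},
    {"principal": "demo-user",               "role": "viewer",    "created": "2024-03-01", "last_used": "2024-04-01"},
]


def audit_privileged_assignments(assignments, today):
    """Return [(principal, role, [reasons])] for privileged assignments that look like hygiene debt.

    Three checks: the principal follows a test/demo naming pattern, the assignment
    has never been used, or it has not been used for longer than STALE_AFTER.
    """
    today = date.fromisoformat(today)
    findings = []
    for a in assignments:
        if a["role"] not in PRIVILEGED_ROLES:
            continue   # non-privileged roles are out of scope for this pass
        reasons = []
        if TEST_NAME_RE.search(a["principal"]):
            reasons.append("test/demo principal holds a privileged role")
        if a["last_used"] is None:
            reasons.append(f"never used since it was created on {a['created']}")
        else:
            idle = today - date.fromisoformat(a["last_used"])
            if idle > STALE_AFTER:
                reasons.append(f"unused for {idle.days} days")
        if reasons:
            findings.append((a["principal"], a["role"], reasons))
    return findings


if __name__ == "__main__":
    for principal, role, reasons in audit_privileged_assignments(SAMPLE_ASSIGNMENTS, "2024-05-01"):
        print(f"{principal} [{role}]: " + "; ".join(reasons))
```

Run against the constructed data on 1 May 2024 it reports `test-admin@corp.example` (a test principal that still holds `iam-admin` and has never used it) and `svc-backup` (an `admin` assignment idle for 181 days), while the active owner and the non-privileged viewers pass. Each finding is a removal candidate to confirm with the owning team, and the same check belongs in a scheduled job so the debt cannot quietly return.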

The IAM team can also perform medium-level activities such as rolling out Adaptive Access and MFA.

“The key is a balance between health investment and threat detection and response,” Gaehtgens said. “The better we prevent, the less chance we have of being detected.”
