Last updated: 05 January 2018
How can CIOs and CISOs successfully thwart more data breaches in 2018?
Here’s one tip: centrally manage access to all your cloud-based apps to eliminate access blind spots and shadow IT. This will let you sleep better at night, knowing that you have the control and visibility you need into who is accessing which app and when, and how their identity is being verified.
While this may seem straightforward, there have been countless data breaches caused by the compromise of credentials used to access public cloud applications (the likes of Google, AWS and Azure). A case in point is the Deloitte data breach of last year, which involved compromised credentials used to access an email server hosted on the Azure cloud. Using a compromised username and password for the administrator account (possibly gleaned via phishing, brute force, or simple malware), the perpetrator gained access to the company’s email server, a feat that could have been easily thwarted had the account been protected by multi-factor authentication (MFA). And the list of similar cloud breaches is a long one, with poor access controls repeatedly cited as a top breach enabler.
MFA vs. Access Management
But MFA is only part of the solution. Why? Because it’s simply not scalable to manage the access controls of 10, 20 or 30 different cloud apps from 10, 20 or 30 different management consoles. That’s where cloud access management comes in. By combining cloud single sign-on, MFA and granular policies, access management solutions provide IT and security leaders with a single pane of glass from which to define and enforce access controls on all their cloud and web apps. Given the multiple drivers for implementation, analyst firm Gartner predicts that, “By 2019, more than 80% of organizations will use access management software or services, up from 55% today.”
Mitigating Cloud Access Risk
Cloud single sign-on, and SSO solutions in general, tend to take an ‘open-buffet’ approach whereby users are free to access any resource they wish after they have been authenticated to the SSO session. The beauty of cloud access management solutions is that they provide a single sign-on experience, while letting IT leaders decide whether a certain app requires stronger security controls, post-login.
This means that different access controls can be enforced in different access scenarios, while still maintaining the speed of SSO. Taking into consideration contextual information such as network, location, device, user group and target app, SSO can be applied transparently, or be secured with an additional authentication factor. According to a recent Gemalto survey of 1,050 IT decision makers worldwide, the threat of large scale breaches (72%) and security concerns around password vulnerability (73%) account for the top two drivers cited by IT leaders for implementing access management and cloud SSO solutions in their organization.
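The contextual decision described above (network, location, device, user group and target app deciding between transparent SSO and an additional factor) can be sketched as a small policy evaluator. This is an added example, not code from the original post or from any access management product; the app names, groups, CIDR range, country codes, rule order and the fail-closed default are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SSO, STEP_UP, DENY = "sso", "step_up_mfa", "deny"

@dataclass(frozen=True)
class Request:
    groups: frozenset
    app: str
    source_ip: str
    country: str
    managed_device: bool

@dataclass(frozen=True)
class Rule:
    decision: str
    apps: frozenset = frozenset()       # empty set matches any target app
    groups: frozenset = frozenset()     # empty set matches any user group
    networks: tuple = ()                # empty tuple matches any network
    countries: frozenset = frozenset()  # empty set matches any location
    managed_only: bool = False          # True: rule applies to managed devices only

    def matches(self, r):
        ip = ip_address(r.source_ip)
        return ((not self.apps or r.app in self.apps)
                and (not self.groups or bool(self.groups & r.groups))
                and (not self.networks or any(ip in n for n in self.networks))
                and (not self.countries or r.country in self.countries)
                and (r.managed_device or not self.managed_only))

# Constructed policy: every name and range below is an assumption for illustration.
CORP = (ip_network("10.20.0.0/16"),)
POLICY = [
    Rule(DENY, apps=frozenset({"aws-console"}), groups=frozenset({"contractors"})),
    Rule(STEP_UP, apps=frozenset({"aws-console", "mail-admin"})),  # admin apps: always a second factor
    Rule(SSO, networks=CORP, managed_only=True),                   # office network + managed device
    Rule(STEP_UP, countries=frozenset({"GB", "US"})),              # expected locations, off-network
]

def decide(request, policy=POLICY):
    """First matching rule wins; unmatched or malformed requests are denied."""
    try:
        ip_address(request.source_ip)
    except ValueError:
        return DENY
    for rule in policy:
        if rule.matches(request):
            return rule.decision
    return DENY
```

Because the rules are ordered, the administrator-app rule fires before the trusted-network rule, so an admin console login gets a second factor even from the office network.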
Good IAM Tidings for 2018
The silver lining in the cloud security predicament is that there is a wealth of standards and protocols which make it safe to move our data to the cloud, with many arguing that cloud service providers offer superior security to that offered by on-premises solutions. Examples include federation protocols such as SAML and OpenID Connect, cloud encryption and key management solutions, and process-related standards such as ISO 27001 and AICPA SOC-2.