Story image

Seven ways identity and access management can take the edge off data risk

02 Nov 2017

Data breach reporting regulations are becoming commonplace in many countries including Australia and as a result, organisations need to increase their identity and access management (IAM) maturity.

According to Centrify, the risks arising from breaches and breach reporting can be reduced if organisations take action.

Reported data breaches could damage both shareholder and customer loyalty – you only need to look at how Verizon slashed its offer to acquire Yahoo.

“A breach can wipe out company value, as we saw it with Yahoo!’s acquisition price devaluation of $350 million after its data breaches were announced,” comments Centrify’s senior director of APAC sales, Niall King.

“A recent Ponemon research study found that stock prices fall an average of five per cent and customer churn can increase as much as seven per cent after a data breach is disclosed. The stakes for properly securing access to corporate resources and handling security incidents couldn’t be higher.”

Another study by Forrester Consulting found that two thirds of organisations have been breached in the last five years. Those without a mature IAM approach experienced twice as many breaches and around $5 million more in costs.

To help organisations improve their cybersecurity defences, Centrify outlines seven best practices:

- Consolidate identities: According to Verizon, 80 per cent of breaches are due to compromised credentials. It’s critical to develop a holistic view of all users and strengthen and enforce password policy, or eliminate passwords, where possible

- Enable Single Sign-On (SSO): Single Sign-On to enterprise and cloud apps, combined with automated cloud application provisioning and self-service password resets, cuts helpdesk time and cost, and improves user efficiency

- Implement Multi-Factor Authentication (MFA) everywhere: Multi-Factor Authentication, including third parties and the Virtual Private Network (VPN) that adapts to user behaviour, is widely acknowledged as one of the most effective measures to prevent threat actors from gaining access to the network and navigating to target systems

Audit third party risk: Outsourced IT and third party vendors are a preferred route for hackers to access corporate networks. Conduct audits and assessments to evaluate the security and privacy practices of third parties

- Enforce least-privilege access: Role-based access, least-privilege and just-in-time privilege approval approaches protect high-value accounts, while reducing the likelihood of data loss from malicious insiders

Govern privileged sessions: Logging and monitoring of all privileged user commands makes compliance reporting a trivial matter and enables forensic investigation to conduct root cause analysis, and

- Protect the inside network: Network segmentation, isolation of highly sensitive data and encryption of data at rest and in motion provide strong protection from malicious insiders and persistent hackers once inside the firewall.

How Virtustream enabled FMC to modernise its global IT operations
As a result of transforming its IT operations, migrating mission-critical applications to the cloud and implementing a new SAP S/4HANA environment, FMC expects to realise significant cost and time savings. 
Microsoft Teams’ eight new and upcoming features
After taking Best in Show at Enterprise Connect, Microsoft Teams will be seeing eight new capabilities over 2019.
Brennan IT namedrops new clients for its MSP services
CEO Stephen Sims says enterprises have been underserviced by Tier-1 service providers for too long.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Digital spending to hit US$1.2 trillion by 2022
A recent study by Zinnov shows that IoT spend reached US$201 billion in 2018 while outsourcing service providers generated $40 billion in revenue.
How the right ECM system empowers key business areas
"The right enterprise content management system supports collaboration and co-authoring aspects of content management, including visibility for all parties associated with key assets.”
Queensland Govt backs safety-tech firm to tune of $1m
“The safety software market is booming, thanks to our customers realising its value in the precarious world we live in,'' says Karen Cantwell.
Google certifies Panasonic rugged devices for enterprise
The Toughbook T1 and N1 handhelds meet all requirements for Google’s rugged Android certification.