Identity management is a centre-stage topic in the cybersecurity world. As a critical component of zero-trust security (the strategic approach lauded by experts as being the most effective at preventing breaches), it should be a priority for any organisation concerned about its data integrity, continuity and finances. In other words, everyone.
Identity management is just one layer of a robust security stack, but there are several safeguards you can implement right now for immediate enhanced protection. These are our specialists’ top five recommendations.
- Create a privileged permissions strategy
- Be vigilant with temporary access
- Use MFA applications instead of phone numbers
- Apply MFA to VPN connections
- Build a stronger security culture
1. Create a privileged permissions strategy
There’s a golden rule in IT identity management – least-privilege access permissions as standard. However, a small number of specific users (such as those in finance or IT) will need continuous access to sensitive data and mission-critical resources.
To cut back privileges for those chosen users would be counterproductive. The trick is to first carefully decide who these users are and what they need to accomplish, then devise a more secure way of granting that access. Therefore, we recommend that you:
- Create a robust permissions strategy that defines what a privileged and non-privileged account is, how they function and how privileged access is provisioned.
- Use a privileged password management tool to store and manage usernames and passwords. This reduces the risk associated with superusers (i.e., admins).
The above processes can be arduous and overwhelming but are necessary for all other security measures to function as intended. Because of the wide-reaching and immediate effects of permissions changes, we recommend working on a project in isolation with a specialist consultant before rolling it out to your live environments.
2. Be strategic and vigilant with temporary access
Of course, there will be occasions where specific users need to be assigned superuser access for a limited amount of time. For example, consultants, auditors and third-party developers may require unbridled access to data or systems despite not being categorised as privileged.
Therefore, it’s important that the abovementioned provisioning process covers temporary scenarios, and that your privileged password management tool is configured for in-out secure superuser access.
We also recommend that you set out temporary access best practices in writing, and directly communicate your rules and preferences before handing over the keys. For example, you might ask for work to be done in defined batches on set dates, or limit the number of times in a day that temporary access will be granted.
3. Use a multifactor authenticator application
At the tail end of 2022, several national cybersecurity agencies began releasing guidance on “phishing-resistant multifactor authentication”. This was in response to the huge numbers of organisations depending on SMS and mobile push notifications for their MFA (multifactor authentication).
But, to the surprise of many, these two identity management mechanisms are not considered wholly secure because phone numbers are susceptible to social engineering attacks – like spear phishing and whaling – after which they can be duplicated.
Authenticator applications installed on smartphones that use biometric access and generate one-time passcodes every 30 seconds are far more secure. Even readily available apps like those from Microsoft and Google will do the trick if mobile devices have appropriate antivirus, threat detection and response, and drive encryption installed.
For help choosing an authenticator app, securing mobile endpoints and training staff on secure use, drop Sentis a message here.
4. Set up multifactor authentication on your VPN
A VPN (virtual private network) is an essential layer of security responsible for preventing unauthorised users or software from accessing your business network, its data and functions. VPNs are a non-negotiable for remote access but are by no means a cybersecurity failsafe.
To protect your VPN from being hijacked by threat actors, it’s vital that additional identity management solutions are applied. We advise applying MFA to your VPN connection logins: this will prevent phished credentials being used by hackers to access your network.
5. Establish a strong organisational security culture
When we talk about identity management safeguards, we have to home in on employee training. For all the technology in a company’s corner, a staff slip-up (whether unintentionally revealing personal details or falling victim to a spoofed email that manoeuvred past email security) can still cause a data breach.
As a result, it’s important to build a strong security culture where threat awareness and process vigilance are high. We recommend the following:
- Regular guided training sessions tailored around the biggest threats facing your organisation and featuring engaging team activities
- Browser-based simulation testing, which will regularly present users with fake phishing tests and direct them toward training modules should they fail
- Quarterly security audits that analyse breaches or near misses and evaluate identity management policies
Looking for identity management advice?
Are you considering adding identity and access management to your security stack, or do you want to stress test your current measures?
Get in touch with Sentis Managed Solutions. We’re a Managed Security Services Provider (MSSP) delivering a complete range of specialist breach detection and response tools. We also offer penetration testing and a free, no-obligation security audit – so you can confirm what’s working well and what needs reinforcement before committing.