Identity as the new perimeter of cybersecurity

May 20, 2022

Organizations around the world have been forced to find new ways to access their corporate data remotely. The changes created from this new reality have seen identity emerge as a new perimeter and organizations have had to learn to respond to this new need or pay the price. The new perimeter must be secure. But what does this mean for organizations and how should they prepare?

Deperimetrization

The cybersecurity sector has been announcing the end of the perimeter for some time. In 2003, a group of CISOs led by David Lacey, head of security at Royal Mail, founded a group called “The Jericho Forum” to focus on the concept of “deperimetrization”. This same forum urged the industry to wake up to a world in which the perimeter was dead, issuing a series of "commandments" for a "future without perimeter". Now that future has arrived.

The rapid migration to the cloud and the growing importance of remote or hybrid working are the two trends that have ensured that the traditional edge concept never reappears. Recent studies suggest that, although teleworking in Spain began to decrease a year after the pandemic began, the levels of teleworking or hybrid work continue to be higher than before the pandemic. Currently, 14.4% of Spanish employees work, at least occasionally, from home. And, the Community of Madrid is the region that has the greatest development of teleworking, with 24.3% of its employed who say they work at least occasionally from home, according to the latest report by the Adecco Group Institute.

In this new work environment, organizations are no longer protected by the digital equivalent of thick walls around their fortress (the office). Instead, each member of staff has their own entrance to the network, which is protected by their digital identity or device managed and protected by the company. This approach is convenient and suitable for offshore workforces. However, this situation also exposes the company to a large number of vulnerabilities.

For many businesses, passwords and usernames remain the backbone of an identity-based security strategy and have also become a new threat. In fact, a 2021 Verizon Report (DBIR) found that in 61% of all security breaches, attackers used credentials. And it is that these types of credentialed accounts are a major target for cybercriminals, as they allow access to a wide range of assets and powers, including the ability to access and alter sensitive material or even delete records to cover their tracks.

Now, almost all users can be considered privileged, because they can access at least some sensitive data or information. Violating a single user's credentials allows cybercriminals to escalate privileges and gain access to an organization's entire network. Attackers no longer need to launch a frontal attack, instead, they work silently and patiently until they find a single credential that allows them to access the entire network. So how should organizations protect themselves in the age of identity-based attacks?

The first step in protecting identities requires a shift in thinking that recognizes the fact that all users have privileges. However, they are not equal in access or risk. If a user only needs to access work email or non-sensitive documents, a password or multi-factor authentication may be appropriate. If they access sensitive customer data, the user should be required to undergo more rigorous authentication and verification for authorization. A time limit may be placed on your access as a way to reduce risk. They could also be asked to submit a digital request to interact with the data that explains why they need access, including a full audit trail.

We must help employees take passwords to the background, using privileged access solutions that provide more automation and reduce the need for employees to remember passwords. Employees at all levels within an organization must understand the risks associated with the privileges to which they are entitled, because a compromise of your account can be a springboard that allows adversaries to extend their attack by accessing accounts with higher privileges .

When implementing identity security solutions, the strategy must be based on orchestration so that all solutions work together. Privileged Access Management (PAM) solutions can take the lead, allowing security teams to create a multi-pronged defense that enables seamless secure access when risk is low, while also being able to lock down systems or search more information, when danger levels are high. An approach based on interoperability, automation, and orchestration will help mitigate the risk of an attacker using stolen credentials, but will also provide a seamless experience that allows employees to benefit from increased productivity from working in a remote environment based on on the cloud.

Source:

  • Domínguez, M. (May 20th, 2022). La identidad: el nuevo perímetro de la ciberseguridad. Retrieved from: https://cybersecuritynews.es/la-identidad-el-nuevo-perimetro-de-la-ciberseguridad/

Authored by

Jorge Daniel Tejeda