Knowing your network: identity management

The increasing number of cyber-attacks on consumers and businesses alike highlights the fact that the corporate world has a lot to reflect upon when it comes to how we protect digital identities and safeguard our data. Anurag Kahol, co-founder of Bitglass, a Forcepoint Company, discusses the risks of password usage, regulatory compliance, and the importance of better identity and access management (IAM) processes in the workplace.

In today’s increasingly digital workplace and consumer landscape, every technology user has a unique digital identity based on their online presence. Whether it’s social media activity, login credentials, financial records or web history, digital identity is something businesses must strive to safeguard in the same way as we might protect any physical forms of identification. But without a strategic approach to identity access management or formal processes in place, today’s businesses make themselves increasingly vulnerable to identity theft or fraud. 

The exponential surge of data on the web makes protecting employee and customer data increasingly challenging, with accelerated digital transformation efforts of the past year adding fuel to an already raging fire of cyber-related vulnerabilities. 

The pandemic’s impact on the modern workplace has undeniably created a perfect storm in terms of corporate security. As a result, businesses must strive to educate staff, implement new processes, and regularly review identity management to protect themselves and their customers in the long term.

Why passwords pose a continuous risk 

Over 80% of hacking-related security breaches involved the use of misplaced or stolen credentials. 

In recent years, many big-brand security breaches have reached the headlines, including that of Marriott, which suffered a significant incident after a cybercriminal hacked into the accounts of two of their employees. This attack saw the personally identifiable information (PII) of 5.2 million of their hotel guests compromised, costing the brand not only £18.4mn in fines, but also a hefty dent in their global reputation.

The recent hack of US-based software company SolarWinds Inc was also reportedly triggered by the leakage of a weak password, which saw threat actors gain access to the network.

Many businesses enforce regular password changes to mitigate credential vulnerability, but as employees are likely to use new passwords across multiple platforms and accounts, this approach only works as a temporary fix to a wider problem. Memorizing multiple different passwords for every platform is a challenging and arduous task, which means password reuse is becoming increasingly commonplace as technologies evolve. 

Businesses looking to safeguard employee and (by extension) customer data must implement better password hygiene and stronger authentication controls to adhere to compliance and protect their sensitive information.

Why adhering to regulations could save your reputation

When a large amount of data is stored and collected, data security and brand reputation become intrinsically linked. For the likes of SolarWinds and Marriott, the costs in customer loyalty and brand reputation could have been significant.

Those who collect customer data in any capacity have a responsibility to keep that data safe, whether to remain compliant or to gain and retain trust. But the EU regulations stipulate stringent laws when it comes to data privacy. The EU’s General Data Protection Regulation (GDPR) has been in place since 2018, and businesses should see this as a positive, ensuring they tick all the boxes when it comes to protecting their customers, and subsequently, retaining their trust. 

Businesses that fail to comply with data protection regulations risk being fined, or even losing their business altogether. 

Identity management best practice 

To remain ahead of the curve in the evolving security landscape, businesses and consumers alike should work together to ensure the best possible security levels at every touchpoint. Modern businesses should be aware that, no matter the length, complexity or uniqueness of the passwords involved, reliance on password usage will always pose a risk.

Considering this, organizations need to review their cybersecurity strategies and processes to help mitigate and defend against the increasing frequency and sophistication of cyber-attacks. 

A key starting point for those wanting to implement more fail-safe security is to examine your identity and access management, first by taking a look at the following tips: 

1. Implement multi-factor authentication (MFA) and Single Sign-On (SSO)

Asking employees to memorize dozens of long and complex passwords has become an impractical and outdated way to keep your networks secure. Thankfully there are several solutions on the market that are designed to reduce the risk of credential theft, and also enable a more friction-free experience for users. 

Multi-factor authentication underpins your infrastructure with an added layer of security. Third-party apps such as Google Authenticator or SMS tokens sent via text message are a good solution for those looking to add an extra layer to their verification process for users. Using SSO, users can access a number of disparate cloud-based resources simply by logging into a single portal. 

2. Keep track of user behavior

It’s important to monitor employees’ network activity and behavior to identify and act on any abnormalities. For example, monitoring typical login times for your workers and knowing their respective home IP addresses will help to identify suspicious behavior and enable you to confirm whether a user is truly who they claim to be online. Using context-based, step-up authentication, businesses can more effectively verify a user’s identity according to their usual day-to-day activity, locations, and devices.
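The context-based, step-up check described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the `Baseline` and `Login` types, the signal names, and the allow / step-up / deny thresholds are illustrative assumptions, and all sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class Baseline:
    """Per-user profile built from past successful logins."""
    usual_hours: range     # hours of day (user's local time) of normal sign-ins
    known_networks: list   # home/office networks as ip_network objects
    known_devices: set     # device identifiers already seen for this user

@dataclass
class Login:
    user: str
    when: datetime         # assumed to be in the user's local time
    source_ip: str
    device_id: str

def risk_signals(login, baseline):
    """Return the list of ways this login deviates from the user's baseline."""
    signals = []
    if login.when.hour not in baseline.usual_hours:
        signals.append("unusual_hour")
    addr = ip_address(login.source_ip)
    if not any(addr in net for net in baseline.known_networks):
        signals.append("unknown_network")
    if login.device_id not in baseline.known_devices:
        signals.append("unknown_device")
    return signals

def decide(login, baselines):
    """Illustrative policy: no deviation -> allow, some -> step-up MFA, all -> deny."""
    baseline = baselines.get(login.user)
    if baseline is None:               # no history yet: never trust by default
        return "step_up", ["no_baseline"]
    signals = risk_signals(login, baseline)
    if not signals:
        return "allow", signals
    return ("deny" if len(signals) == 3 else "step_up"), signals

# Constructed sample data (documentation IP ranges, made-up user and devices).
BASELINES = {"alice": Baseline(range(7, 20), [ip_network("192.0.2.0/24")], {"laptop-01"})}
EVENTS = [
    Login("alice", datetime(2024, 3, 4, 9, 15), "192.0.2.10", "laptop-01"),
    Login("alice", datetime(2024, 3, 5, 3, 2), "192.0.2.10", "laptop-01"),
    Login("alice", datetime(2024, 3, 6, 2, 40), "203.0.113.77", "tablet-9f"),
    Login("bob", datetime(2024, 3, 6, 10, 0), "198.51.100.5", "laptop-02"),
]

if __name__ == "__main__":
    for event in EVENTS:
        print(event.user, event.when.isoformat(), *decide(event, BASELINES))
```

A "step_up" result is the point at which the MFA challenge from tip 1 would be triggered, so a familiar login stays friction-free while an unfamiliar one has to prove itself.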

3. Communicate and educate

Getting your workers and other network users on board with your new identity management processes is a crucial step on the journey to a more secure infrastructure. Even if your organization has all the right solutions in place, your new security strategy will rely on educational resources and regular communication with users on the ever-evolving threats. For that reason, it’s a good idea to implement a regular training programme to keep employees informed on how to effectively safeguard their own, and your customers’, digital identities.

Identity management, and awareness of the threats involved with work life and daily lives that revolve around the internet, have never been more critical.


By examining current identity access management and weaving in the above tactics, businesses can more proactively defend workers’ and customers’ sensitive information at every level of the modern corporate ecosystem.


Anurag Kahol

Anurag expedites technology direction and architecture. Anurag was director of engineering in Juniper Networks’ Security Business Unit before co-founding Bitglass. Anurag received a global education, earning an M.S. in computer science from Colorado State University, and a B.S. in computer science from the Motilal Nehru National Institute Of Technology.
