SOFFID BLOG

Reducing the attack surface for identities and entitlements in the cloud

Aug 25, 2021 | News, Resources, Single Sign On, soffid

 

The attack surface is the number of all possible points, or attack vectors, where an unauthorized user can access a system and extract data. The smaller the attack surface, the easier it is to protect.

Organizations must constantly monitor their attack surface to identify and block potential threats as quickly as possible. They also must try and minimize the attack surface area to reduce the risk of cyberattacks succeeding. However, doing so becomes difficult as they expand their digital footprint and embrace new technologies.

Organizations are moving to the public cloud in record-setting numbers, but with this growth comes unanticipated security challenges with user identity management and the explosion of “non-human” identities such as applications, databases and data stores. In a recent publication, Gartner estimated that “75 per cent of security failures will result from inadequate management of identities, access, and privileges” by 2023, up from 50 per cent in 2020. With this in mind, the need for more robust identity security is clear—especially the ability to detect suspicious activity leveraging valid account credentials. Unfortunately, traditional security tools are ill-equipped to handle this explosion of resource management and, as a result, over-provision access and exasperate security risks.

With identity-based attacks on the rise, today’s businesses require the ability to detect when attackers exploit, misuse, or steal enterprise identities. This need is particularly true as organisations race to adopt the public cloud, and both human and non-human identities continue to increase exponentially. Given the penchant for attackers to use credentials and leverage Active Directory (AD), it is now critical to detect identity-based activity.

 

Understanding today’s threats

The threat to identities is genuine, and given the damages occurring with their misuse, it should be a priority for every CISO. According to the 2021 Verizon data breach investigations report, credential data now factors into 61 per cent of all breaches. More broadly, the “human element” factor into 85 per cent of breaches, while phishing is present in 36 per cent of them. These stats highlight that attackers consistently attempt to access valid credentials and use them to move throughout networks undetected. Credential misuse has also enabled the growth of attack tactics like ransomware 2.0, with ransomware now making up 10 per cent of all breaches (double what it was in 2019).
Verizon is not the only organisation to note this shift.

As companies move their workloads to the public cloud, the security mindset also needs to shift from traditional security to cloud security. In the cloud security model, identity is the new perimeter therefore, implementing robust identity controls and safeguards to reduce the attack surface for bad actors becomes a key component of your security strategy.

 

The Role of IAM

The challenge is largely solved by Single-Sign-On (SSO) and Multi-Factor Authentication (MFA) technologies. SSO enables users to log in to all their apps and systems with just a single password. This reduces the number of passwords required to be remembered and eliminates confusion that results in people noting down or saving their numerous passwords in a document on their machines. MFA protects identities further by forcing authentication on multiple levels. Here, credential-based authentication is further protected by challenge-response questions, SMS or Email OTPs or even biometrics. Both these features form the base of most available IAM solutions.

But not only do IAM systems protect against unauthorized access, they also typically offer solutions for managing user access rights and trends. You can use them to govern and even automate the different accesses that someone may have to different systems and apps used by your organization.

Protecting identities is of far more pressing importance than safeguarding apps and systems against unauthorized access. By securing an identity you protect the very root of the access mechanism. Shielding apps and systems from hackers only insulate the last barrier in the access vector.

Today, identity security is central to the cybersecurity threat landscape, and the ability to detect and respond to identity-based threats is essential.

 

Sources:
(1) Solution Review
(2) Illantus

Picture:
<a href=’https://www.freepik.es/vectores/ordenador’>Vector de Ordenador creado por rawpixel.com – www.freepik.es</a>

Related Articles