by Rebeca | Oct 6, 2021 | Cybersecurity, News, Soffid
Pre-COVID-19
Private and public organizations were on a journey towards a digital business model, with digitalization in companies travelling at varying speeds. But the scale of the pandemic has forced a dramatic acceleration, both in the speed of change and the required investment in digital transformation.
According to KPMG’s 2020 global survey, organizations are investing heavily in technology to address immediate concerns like falling revenue and interrupted supply chains, and to build longer-term competitiveness and resilience.
It’s a struggle to find many positives about the current coronavirus pandemic; however, a few interesting aspects are starting to emerge: trends that may well bring significant positive benefits as their full impact is felt in the months and years to come. One of these is the likely acceleration of digital transformation projects.
Cyber security and IT operational challenges, cost pressures, risk aversion and the skills gap are all driving the digital transformation agenda. On the plus side, benefits such as innovation and improvement of products and services, efficiency and an uptick in organizational agility are all expected outcomes.
Why Will COVID-19 Accelerate The Pace Of Change?
As vast swathes of the workforce shift to remote working and pressure increases to enable digital delivery of products and services traditionally rooted outside the online space, the pressure to be a truly digital organization will only increase. Organizations of all shapes and sizes will face renewed commercial pressure to negate the downsides through digital transformation and realize the benefits it offers in order to remain viable.
Organizations and investment in digital transformation
We are in a time where COVID-19 has transformed the future of business forever. Organizations from all sectors globally have been focusing on transforming digitally to ensure that the needs of their organization, customers, citizens, patients, and greater stakeholder community are met. The move from physical and on-premises to digital was critical to ensure organizations’ survival through COVID-19, as well as setting an example for potential challenges that may occur in the future.
There are very few industries unimpacted by the COVID-19 pandemic.
However, retail is an industry that has seen Digital Transformation skyrocket. With the breakneck pace of change required for retailers to compete for business online further compounded by the influx of bricks-and-mortar businesses to e-commerce due to global restrictions and lockdowns, full-scale Digital Transformation very quickly became inevitable.
All this is to say that the conversations in business have shifted rapidly over the past year to a unanimous understanding that digitization of services, in addition to industry disruption due to rapid advancements in the technologies available to businesses, is now changing the shape of commerce forever. Businesses that want to keep up, or survive in reality, will need to transform radically – not just digitally, but in mindset too.
A McKinsey report argues that “Now is the time to reassess digital initiatives”. The current pandemic is forcing the hand of many to adapt to survive. Never has the phrase, ‘necessity is the mother of invention’ been more relatable.
Over the last few months
The way we interact with services has changed. Many of us are now fully ‘remote’—not only are we working from home, but also learning, shopping, exercising, and other day to day activities.
We’ve all had to adjust. But for companies in particular, it’s raising questions about how to maintain business continuity. Unable to conduct business as normal, many have turned to alternative solutions and business models. Restaurants have started providing food deliveries, gyms are offering virtual classes, and even hairdressers are offering tutorials online to help people cut their own hair.
These alternative solutions will likely require some form of digital innovation or optimization. In some cases, it’s fast-forwarding digitization processes that businesses were already exploring, and in others, it’s bringing to light new ones which hadn’t been considered.
What does this mean for a post-Covid world?
With many businesses turning to alternative digital solutions now more than ever before, will there be no going back once the Covid pandemic has passed?
If digital solutions are more convenient, offer a better user experience, and are more scalable for businesses, why would we then revert to time-consuming, inefficient manual or face-to-face processes? Are we seeing a glimpse into the future, where digital processes dramatically improve the way businesses function and the way they serve customers?
We’re familiar with new tech start-ups, for example challenger banks, using digital processes to their advantage. But we may see more digital processes taken up by traditional services, such as mainstream banks, hotel check-ins, voting and car rentals.
One thing to keep in mind with digital transformation, however, is that as it develops, we risk widening the gap between those who turn to digital options and those who don’t. Not only could this impact businesses, but we must also consider customers who might find it more difficult to use digital alternatives, for example older generations.
However, if done right, digital transformation could help secure the future of many companies. The pandemic has highlighted the fact that businesses around the world need to become more flexible and more digital, and that by doing so they could ensure that they emerge from the Covid pandemic stronger than they were beforehand.
Sources:
(1) KPMG
(2) Deloitte
(3) CioInsight
by Rebeca | Jun 9, 2021 | Cybersecurity, Soffid
The 2020 Global State of Least Privilege Report (Least Privilege Technologies and Solutions) shows that two-thirds of organizations now consider the implementation of least privilege a top priority in achieving a zero-trust security model.
Below, we take a look at some of the critical drivers for the adoption of least privilege Solutions and Technologies. We also explore the failure of traditional systems and how modern solutions such as Software-Defined Perimeter, Secure Web Gateway and Risk-Based Authentication, among others, engender greater enterprise network security.
Access is Responsibility and Least Privilege Technologies and Solutions
According to an Identity Defined Security Alliance (IDSA) study published last year, 79% of enterprises experienced an identity-related security breach in the previous two years. Last year, just as the COVID-19 pandemic gathered momentum, another report revealed a rise in attacker access to privileged accounts, which puts businesses at a greater risk.
It is important to note that in this age where data is everything, access is equal to responsibility. Therefore, the greater the access a person has at a given moment, the greater the responsibility they have to protect the data that they have access to. On the State of Security blog, author Anastasios Arampatzis states that the central goal of privileged access management, which he admits covers many strategies, is the enforcement of least privilege.
Privileged accounts are a liability precisely because the data they have access to makes them attractive targets to cyber attackers. The greater the level of access an account has, the more significant the impact of an attack would be. More so, the greater the number of privileged accounts on a network, the more catastrophic an account compromise could be. Basically, every additional privileged account multiplies the risks on a network. Therefore, it is crucial to keep the circle of privilege small in order to limit unnecessary data exposure.
Legacy Systems: The Failure of VPNs to Adequately Secure
Amidst the current challenges in privileged access management, organizations are beginning to explore alternatives to traditional VPN technology and other legacy security solutions, which have failed to actively secure privileged accounts. One notable problem is the lack of remote user security in many VPN products: they neither integrate well with identity providers nor properly implement user policies on identity access and authorization. The weaknesses of VPNs are made more apparent in this age of remote work.
Least Privilege Technologies and Solutions
At the turn of the pandemic, companies had to allow their employees to work from home. This led to a surge in VPN adoption. According to the Global VPN Adoption Index report, VPN downloads reached 277 million in 2020 based on data collected from 85 selected countries.
The cybersecurity landscape can be described as a kind of cat-and-mouse race. In response to this trend, cyber attackers shifted their focus to exploiting VPNs, amongst other techniques such as phishing. However, being a legacy technology that has, due to its ubiquity, somehow made its way into more modern times, VPNs have become quite weak. Based on the assertion that “VPNs are designed to secure data in transit, not necessarily to secure the endpoints,” it is easy to see why the ‘new normal’ in cybersecurity is the protection of endpoints in an age where data is gold.
Least Privilege Solutions and Technologies
The current overhauling of our approaches to access management and authentication has given birth to the rising adoption of the principle of least privilege in cybersecurity. This principle is connected to another swelling trend in cybersecurity: the zero-trust model.
True zero trust technologies adopt the principle of least privilege by default.
The need for privileged accounts is common to most information systems. These accounts are necessary to perform scheduled configuration and maintenance tasks, as well as supervening tasks such as the recovery of a hardware or software failure or the restoration of a backup. Due precisely to the need to use these accounts in an unplanned manner, their management must combine security, procedures and flexibility.
In order to effectively manage these accounts, the Soffid product has the necessary logic to identify accounts; classify them according to the level of risk and their scheme of use; distribute and assign them to responsible users; change passwords automatically and on a planned schedule; deliver passwords to authorized users; and inject passwords automatically, when this injection applies and makes sense.
Conclusion
The principle of least privilege in cybersecurity is not just an exciting fad that will go away soon. Rather, it is becoming a standard model and best practice for network protection in the new normal of cybersecurity.
Sources:
(1) Tripwire
(2) Security Tech
by Rebeca | May 26, 2021 | Cybersecurity, Resources, Soffid
Imagine this scenario about Future Trends in Access Management: if you are the CEO of a mid-sized organization with branches in different continents and three thousand employees, how efficiently could you monitor logins? Perhaps, on a bad day, an employee would have lost their smartphone or lost the paper on which they wrote the password. In such a case, would you identify that one illegal or criminal login from all the 3000 logins that day?
In this scenario, we are yet to find a universal solution to manage online identities in both the government and the private sector.
Since the IAM space is continuously evolving
Organizations identify new trends in Identity and Access Management to minimize data breaches, meet regulatory requirements, and manage user identities to the utmost extent.
Years of data breaches stemming from credential theft, attacks targeting privileged user accounts and poor password practices have led to a major evolution in identity and access management technology designed to protect enterprise data.
Five IAM trends are addressing the need for greater user account and network protection.
Identity and Access Management (IAM) has the attention of cybersecurity professionals around the world. The identity and access management market growth has roughly quadrupled over just the last three years, and shows no signs of slowing down any time soon.
The COVID-19 pandemic has raised the visibility of identity & access management (IAM) due to the high priority in getting remote access secured and the increased protection needed around digital transformation initiatives.
In an effort to make organizations more secure, agile and resilient, IAM leaders must improve governance and strengthen privileged access management (PAM) practices to prevent breaches, establish more robust and agile authentication and authorization, and enhance consumer IAM to prevent fraud and protect privacy.
In this rapidly changing business scenario, here are upcoming trends that promise to revolutionize the IAM sector:
1) Adapting Biometrics
As per Global Market Insights, the global biometric market would reach an estimated value of USD 50 billion by the end of 2024. Perhaps one of the most rapidly emerging trends in the IAM sector, biometrics like retinal scans, facial recognition systems, and fingerprints are highly preferred for ensuring authorized users in networked systems.
To counterbalance this threat, the future trend would involve IAM, which relies on biometric data, to get an additional layer of security for protecting the biometric information.
2) Blockchain and Future Trends in Access Management
Blockchain offers features like transparency, reliability, and integrity, making it a popular choice for ensuring data protection with both public and private sectors.
When talking about Blockchain in the context of IAM, the two aspects that come into play are audit trail and self-sovereign identity. Self-sovereign identity is the concept of an individual protecting their entire identity as their personal property rather than letting an organization or third-party provider manage it. By keeping the individual’s information protected by encryption in a permanent blockchain across a distributed network system, this concept offers complete individual control over their identity data.
Through the self-sovereign identity system, the idea is to replace centralized identity providers and instead let each individual take control and decrypt the data only when required.
With an audit trail, a user’s entire login history, access requests, permission grants, changes performed, or engagement is recorded. This helps an organization monitor activities and detect fraud, and also meets compliance requirements.
3) Single Sign-On Systems and MFA
While MFA is one of the most popular IAM practices, there is still plenty of scope for its improvement, as data breaches still occur and cause substantial revenue losses. Adaptive Authentication is the advanced version of MFA, which relies on machine learning capabilities to detect user behavior or illegal entry.
Adaptive Authentication pulls in all the details of a user login in terms of login time, device, location, browser, and other data, which helps analyze a login attempt’s authenticity. Based on the analysis, if a login attempt turns out to be fishy, the system will ask the user to complete MFA to be authenticated.
Another popular IAM industry trend is Single Sign-On (SSO) usage with MFA, which helps users leverage a unified, singular set of credentials to gain access to networks, data, applications, web, and the cloud.
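The Adaptive Authentication flow described above (compare login time, device, location and browser against what is known for the user, then ask for MFA when the attempt looks unusual) can be sketched as follows. This is an added example, not code from Soffid or any product; it uses fixed weights in place of the machine learning the text mentions, and the field names, weights, threshold and sample logins are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample history: (user, ISO timestamp, device, country, browser)
HISTORY = [
    ("alice", "2021-05-24T08:55:00", "laptop-a1", "ES", "Firefox"),
    ("alice", "2021-05-25T09:10:00", "laptop-a1", "ES", "Firefox"),
    ("alice", "2021-05-26T10:02:00", "laptop-a1", "ES", "Firefox"),
    ("bob", "2021-05-25T14:30:00", "phone-b7", "DE", "Chrome"),
    ("bob", "2021-05-26T15:05:00", "phone-b7", "DE", "Chrome"),
]

# Assumed weights and threshold; a real deployment would tune these.
WEIGHTS = {"device": 40, "country": 30, "hour": 20, "browser": 10}
STEP_UP_THRESHOLD = 40
HOUR_TOLERANCE = 2  # hours either side of a previously seen login hour


def build_baseline(history):
    """Collect, per user, the devices, countries, browsers and hours seen so far."""
    baseline = {}
    for user, ts, device, country, browser in history:
        seen = baseline.setdefault(
            user, {"device": set(), "country": set(), "browser": set(), "hour": set()})
        seen["device"].add(device)
        seen["country"].add(country)
        seen["browser"].add(browser)
        seen["hour"].add(datetime.fromisoformat(ts).hour)
    return baseline


def hour_is_unusual(hour, seen_hours):
    """True when no seen hour lies within HOUR_TOLERANCE (wrapping at midnight)."""
    return all(min(abs(hour - h), 24 - abs(hour - h)) > HOUR_TOLERANCE for h in seen_hours)


def assess(baseline, login):
    """Return (score, reasons, decision) for one login attempt."""
    user, ts, device, country, browser = login
    seen = baseline.get(user)
    if seen is None:  # no history to compare against: always challenge
        return 100, ["no login history"], "step_up_mfa"
    reasons = [name for name, value in
               (("device", device), ("country", country), ("browser", browser))
               if value not in seen[name]]
    if hour_is_unusual(datetime.fromisoformat(ts).hour, seen["hour"]):
        reasons.append("hour")
    score = sum(WEIGHTS[r] for r in reasons)
    decision = "step_up_mfa" if score >= STEP_UP_THRESHOLD else "allow"
    return score, reasons, decision


BASELINE = build_baseline(HISTORY)
```

A login that matches the baseline passes silently, while a new device from a new country at an unusual hour is challenged with MFA instead of being rejected outright.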
4) IAM and the Internet of Things (IoT)
With the arrival of the Internet of Things (IoT), there is a massive requirement for Identity Access Management services. Whenever an IoT-based device is added to a network, the need to mitigate security risk increases.
Hence, the current priority is to ensure secure identity access management on these IoT devices to restrict the entry of hackers into the network. Devices that can pose a threat could include smart TVs, security cameras, and smart bulbs.
Another technology that could prove to be a breakthrough is working on IAM systems which require the system to authenticate a user’s access through numerous devices.
Also, in numerous cases, securing IoT devices would be achieved by embedding the device identities in the processing chip, making them an integral part of the hardware.
5) Artificial Intelligence in IAM
An aspect of Identity Management, Context-based identity, also is responsible for comparing data about. This data includes numerous behavioral patterns like physical location, IP address, usage, preferences, and machine address.
Leveraging AI programming algorithms for data mining helps discover data patterns that are extremely helpful in reducing fraud and identifying risks. This technique has been highly useful in banking systems across the globe.
6) Identity Access Management for Cloud Services
Since the cloud is in great demand, organizations have been shifting to cloud services to provide advantages such as efficiency, scalability, and flexibility.
Namely, Access Management, Identity Management, Access Governance, and PAM. We help you elevate your organization’s goals towards digital transformation and help develop data strategies in line with revenue maximization and customer satisfaction.
(1) Gartner
(2) Search Security