A recent study conducted by Forrester Consulting found that two-thirds of organizations have been breached five times in the past two years. It’s clear that traditional approaches are not working, and companies need to completely rethink their security approach.
The study found that organizations without a mature IAM approach experience two times more breaches and $5 million more in costs than those with a mature IAM approach. The study examined four levels of IAM maturity, and found a direct correlation between a mature IAM approach and reduced security risk, improved productivity, increased privileged activity management and greatly reduced financial loss.
Best practices to reduce security risk
Here are seven best practices for enterprises to improve IAM maturity and reduce security risk:
1. Consolidate identities: According to Verizon, 80 percent of breaches are due to compromised credentials. It’s critical to develop a holistic view of all users and to strengthen and enforce password policy, or eliminate passwords, where possible.
2. Enable single sign-on (SSO): SSO to enterprise and cloud apps, combined with automated cloud application provisioning and self-service password resets, cuts helpdesk time and cost and improves user efficiency.
3. Implement multi-factor authentication (MFA) everywhere: MFA that adapts to user behavior, applied to third parties and VPN access as well as internal users, is widely acknowledged as one of the most effective measures to prevent threat actors from gaining access to the network and navigating to target systems.
4. Audit third-party risk: Outsourced IT and third-party vendors are a preferred route for hackers into corporate networks. Conduct audits and assessments to evaluate the security and privacy practices of third parties.
5. Enforce least-privilege access: Role-based access, least privilege and just-in-time privilege approval protect high-value accounts while reducing the likelihood of data loss from malicious insiders.
6. Govern privileged sessions: Logging and monitoring of all privileged user commands makes compliance reporting a trivial matter and enables forensic investigators to conduct root-cause analysis.
7. Protect the inside network: Network segmentation, isolation of highly sensitive data and encryption of data at rest and in motion provide strong protection from malicious insiders and from persistent hackers once they are inside the firewall.
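The least-privilege and privileged-session practices above describe three mechanisms that fit together: roles define what a user is eligible for, privileged permissions are only activated through an approved, time-boxed just-in-time (JIT) grant, and every privileged command attempt is recorded for forensics. The following Python sketch is an added example of that combination; it is not code from Centrify, Forrester or the study, and the roles, users, permissions, ticket numbers and timestamps in it are constructed for illustration.

```python
"""Least privilege + just-in-time elevation + privileged-command audit (added example).

Constructed illustration of the "enforce least-privilege access" and "govern
privileged sessions" practices; not Centrify's or Forrester's code. All roles,
users, permissions, tickets and timestamps below are made up.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

# Role -> permissions the role is *eligible* for (constructed sample policy).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "developer": {"app:read-logs", "app:deploy-staging"},
    "dba": {"db:read", "db:write"},
    "admin": {"db:read", "db:write", "db:drop", "os:sudo"},
}

# Privileged permissions are never standing: an eligible role must still
# activate them through an approved grant that expires.
PRIVILEGED: Set[str] = {"db:write", "db:drop", "os:sudo"}


@dataclass
class Grant:
    user: str
    permission: str
    approved_by: str
    ticket: str
    expires_at: datetime


@dataclass
class AuditEvent:
    when: datetime
    user: str
    permission: str
    command: str
    allowed: bool
    reason: str


class AccessPolicy:
    def __init__(self, user_roles: Dict[str, Set[str]]) -> None:
        self.user_roles = user_roles
        self.grants: List[Grant] = []
        self.audit: List[AuditEvent] = []  # append-only record of every decision

    def _eligible(self, user: str, permission: str) -> bool:
        roles = self.user_roles.get(user, set())
        return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles)

    def request_elevation(self, user: str, permission: str, approver: str,
                          ticket: str, now: datetime, ttl_minutes: int = 30) -> Grant:
        """Issue a JIT grant: requester eligible, distinct eligible approver, TTL."""
        if approver == user:
            raise PermissionError("requester cannot approve their own elevation")
        if not self._eligible(user, permission):
            raise PermissionError(f"{user} is not eligible for {permission}")
        if not self._eligible(approver, permission):
            raise PermissionError(f"{approver} cannot approve a permission they lack")
        grant = Grant(user, permission, approver, ticket, now + timedelta(minutes=ttl_minutes))
        self.grants.append(grant)
        return grant

    def _active_grant(self, user: str, permission: str, now: datetime) -> Optional[Grant]:
        for g in self.grants:
            if g.user == user and g.permission == permission and now < g.expires_at:
                return g
        return None

    def authorize(self, user: str, permission: str, command: str, now: datetime) -> bool:
        """Decide, then record the decision and its reason whether allowed or denied."""
        if not self._eligible(user, permission):
            allowed, reason = False, "no role grants this permission"
        elif permission in PRIVILEGED:
            grant = self._active_grant(user, permission, now)
            if grant is None:
                allowed, reason = False, "privileged permission without an active JIT grant"
            else:
                allowed, reason = True, f"JIT grant {grant.ticket} approved by {grant.approved_by}"
        else:
            allowed, reason = True, "standing role permission"
        self.audit.append(AuditEvent(now, user, permission, command, allowed, reason))
        return allowed

    def privileged_activity(self, user: Optional[str] = None) -> List[AuditEvent]:
        """Forensic view: every privileged command attempt, optionally for one user."""
        return [e for e in self.audit
                if e.permission in PRIVILEGED and (user is None or e.user == user)]


def demo() -> dict:
    """Walk a DBA through a write that needs elevation; returns the decisions."""
    policy = AccessPolicy({"alice": {"dba"}, "bob": {"admin"}, "carol": {"developer"}})
    t0 = datetime(2017, 9, 1, 12, 0, tzinfo=timezone.utc)  # constructed timestamp
    r = {
        "read_with_role": policy.authorize("alice", "db:read", "SELECT count(*) FROM orders", t0),
        "write_without_grant": policy.authorize("alice", "db:write", "UPDATE orders SET status='x'", t0),
        "dev_reads_db": policy.authorize("carol", "db:read", "SELECT 1", t0),
    }
    policy.request_elevation("alice", "db:write", "bob", "CHG-1234", t0)  # constructed ticket
    r["write_with_grant"] = policy.authorize("alice", "db:write", "UPDATE orders SET status='shipped'",
                                             t0 + timedelta(minutes=5))
    r["write_after_expiry"] = policy.authorize("alice", "db:write", "DELETE FROM orders",
                                               t0 + timedelta(minutes=31))
    try:
        policy.request_elevation("carol", "os:sudo", "carol", "CHG-9", t0)
        r["self_approval_rejected"] = False
    except PermissionError:
        r["self_approval_rejected"] = True
    r["privileged_events_alice"] = len(policy.privileged_activity("alice"))
    r["denied_events"] = sum(1 for e in policy.audit if not e.allowed)
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design points matter in practice: denials are logged with the same detail as approvals, because a burst of denied privileged attempts is exactly what an investigator wants to see, and the approver must be a different person who is themselves eligible for the permission, so a single compromised account cannot elevate itself.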
“A breach can wipe out company value – we saw it with Yahoo!’s acquisition price devaluation of $350 million and with Chipotle’s loss of $400 million in shareholder value after their breaches were announced. The stakes for properly securing access to corporate resources and handling security incidents couldn’t be higher,” said Bill Mann, chief product officer at Centrify. “In fact, a recent Ponemon research study found that stock prices fall an average of five percent, customer churn can increase as much as seven percent and brand reputation is tarnished after a data breach is disclosed. In order to avoid financial and reputational ruin, organizations must rethink their traditional endpoint and firewall security approach and add identity security into their arsenal against cyberattacks.”