Knowing your network: identity management

The increasing number of cyber-attacks on consumers, and businesses alike, highlights the fact that the corporate world has a lot to reflect upon when it comes to how we protect digital identities and safeguard our data.  Anurag Kahol, co-founder of Bitglass, a Forcepoint Company, discusses the risks of password usage, regulatory compliance, and the importance of better identity and access management (IAM) processes in the workplace. 
The increasing number of cyber-attacks on consumers, and businesses alike, highlights the fact that the corporate world has a lot to reflect upon when it comes to how we protect digital identities and safeguard our data. 
Anurag Kahol, co-founder of Bitglass, a Forcepoint Company, discusses the risks of password usage, regulatory compliance, and the importance of better identity and access management (IAM) processes in the workplace. 

In today’s increasingly digital workplace and consumer landscape, every technology user has a unique digital identity based on their online presence. Whether it’s social media activity, login credentials, financial records or web history, digital identity is something businesses must strive to safeguard in the same way as we might protect any physical forms of identification. But without a strategic approach to identity access management or formal processes in place, today’s businesses make themselves increasingly vulnerable to identity theft or fraud. 

The exponential surge of data on the web makes protecting employee and customer data increasingly challenging, with accelerated digital transformation efforts of the past year adding fuel to an already raging fire of cyber-related vulnerabilities. 

The pandemic’s impact on the modern workplace has undeniably created a perfect storm in terms of corporate security. As a result, businesses must strive to educate staff, implement new processes, and regularly review identity management to protect themselves and their customers in the long term.

Why passwords pose a continuous risk 

Over 80% of hacking-related security breaches involved the use of misplaced or stolen credentials. 

In recent years, many big-brand security breaches have reached the headlines, including that of Marriott, which suffered a significant incident after a cybercriminal hacked into the accounts of two of their employees. This attack saw the personal identifiable information (PII) of 5.2 million of their hotel guests compromised, costing the brand not only £18.4mn in fines, but also a hefty dent in their global reputation. 

The recent hack of US-based software company SolarWinds Inc, was also reportedly triggered by the leakage of a weak password which saw threat actors gain access to the network. 

Many businesses enforce regular password changes to mitigate credential vulnerability, but as employees are likely to use new passwords across multiple platforms and accounts, this approach only works as a temporary fix to a wider problem. Memorizing multiple different passwords for every platform is a challenging and arduous task, which means password reuse is becoming increasingly commonplace as technologies evolve. 

Businesses looking to safeguard employees and (by extension) customer data, must implement better password hygiene and stronger authentication controls to adhere to compliance and protect their sensitive information. 

Why adhering to regulations could save your reputation

When a large amount of data is stored and collected, data security and brand reputation become intrinsically linked. For the likes of SolarWinds and Marriott, the costs in customer loyalty, and brand reputation could have been significant.

Those who collect customer data in any capacity have a responsibility to keep that data safe, whether to remain compliant or to gain and retain trust. But the EU regulations stipulate stringent laws when it comes to data privacy. The EU’s General Data Protection Regulation (GDPR) has been in place since 2018, and businesses should see this as a positive, ensuring they tick all the boxes when it comes to protecting their customers, and subsequently, retaining their trust. 

Businesses that fail to comply with data protection regulations risk being fined, or even losing their business altogether. 

Identity management best practice 

To remain ahead of the curve in the evolving security landscape, businesses and consumers alike should work together to ensure the best possible security levels at every touchpoint. Modern businesses should be aware that passwords, no matter the length, complexity or uniqueness, reliance on password usage will always pose a risk. 

Considering this, organizations need to review their cybersecurity strategies and processes to help mitigate and defend against the increasing frequency and sophistication of cyber-attacks. 

A key starting point for those wanting to implement more fail-safe security is to examine your identity and access management, first by taking a look at the following tips: 

1.Implement multi-factor authentication (MFA) and Single Sign-On (SSO)

Asking employees to memorize dozens of long and complex passwords has become an impractical and outdated way to keep your networks secure. Thankfully there are several solutions on the market that are designed to reduce the risk of credential theft, and also enable a more friction-free experience for users. 

Multi-factor authentication underpins your infrastructure with an added layer of security. Third-party apps such as Google Authenticator or SMS tokens sent via text message are a good solution for those looking to add an extra layer to their verification process for users. Using SSO, users can access a number of disparate cloud-based resources simply by logging into a single portal. 

2.Keep track of user behavior 

It’s important to monitor employees’ network activity and behavior to identify and act on any abnormalities. For example, monitoring typical login times for your workers, knowing their respective home IP addresses will help to identify suspicious behaviour and enable you to confirm whether a user is truly who they claim to be online. Using context-based, step-up authentication, businesses can more effectively verify a users’ identity according to their usual day-to-day activity, locations, and devices. 

3.Communicate and educate 

Getting your workers and other network users on board with your new identity management processes is a crucial step on the journey to a more secure infrastructure. Even if your organization has all the right solutions in place, your new security strategy will rely on educational resources and regular communication with users on the ever-evolving threats. For that reason, it’s a good idea to implement a regular training programme to keep employees informed on how to effectively safeguard their own, and your customer’s digital identities. 

Identity management and awareness of the threats involved with work life and daily lives that revolve around the internet has never been more critical.  

READ MORE:

Examining current identity access management, weaving in the above tactics, businesses can more proactively defend workers and customer’s sensitive information at every level of the modern corporate ecosystem. 

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Anurag Kahol

Anurag expedites technology direction and architecture. Anurag was director of engineering in Juniper Networks’ Security Business Unit before co-founding Bitglass. Anurag received a global education, earning an M.S. in computer science from Colorado State University, and a B.S. in computer science from the Motilal Nehru National Institute Of Technology.

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...