Intelligent CISO Issue 05 | Page 74

As digitisation forces organisations into the cloud, the situation is becoming complicated.

Those with large user bases are using Identity and Access Management (IAM) solutions to help simplify access while enabling security across mixed environments. Some of these solutions are based in the cloud but those looking to marry simplified access with superior security should be aware of the risks involved.
CIOs are often reluctant to put sensitive data in a cloud environment. Once it’s there, it’s no longer under the control of the company responsible for looking after it. It feels less secure than if it’s kept under your own control and for good reason. Verizon confirmed that the top action involved in breaches was the use of stolen credentials in 2017, while web apps were the top target for threat actors. For now, keeping credential data off the cloud sounds like a safe bet.
It’s important that CIOs keep sensitive data within an environment that they can control but they must still find a way to navigate the cloud. So what’s the most simple, secure and flexible way to do so?
Considering user context
User context is a significant factor. With an increasing number of employees working remotely, staff may be inadvertently making it easy for cybercriminals to steal information.
Therefore, users should only have access to enough information to do their job if it’s safe to do so. In that changing environment, an antivirus/firewall solution alone is not enough to enable simplicity and flexibility for user access. Equally, a pure IAM solution cannot secure an organisation’s environments on its own.
To achieve the most secure result, an IAM solution should be used in combination with an organisation’s antivirus, firewall and other security architecture.
Meanwhile, it’s important to bear in mind that registered users don’t always have pure intentions. Intruders can come from within; according to Verizon, 28% of data breaches involved internal actors, rather than external figures in disguise.
Organisations must take care to manage access effectively, so users can only see as much as they need to perform legitimate actions. While security is of paramount importance, genuine users should not be held back by overly complex authentication.
It’s well-known that customers will abandon transactions if the journey is too difficult. According to research by American Express, 78% of online shoppers have bailed on a transaction because of a poor service experience.