Tuesday, April 13th is the inaugural Identity Management Day. This is an annual awareness day that aims to educate business leaders and IT decision-makers on the importance of identity management and key components including governance, identity-centric security best practices, processes, and technology, with a special focus on the dangers of not properly securing identities and access credentials.

Experts Comments

April 12, 2021
Doug Davis
Senior Product Manager
Semperis

With the growing popularity of cloud, enterprises have been gravitating toward a hybrid identity management model that promises the best of both worlds—a little bit in the cloud, and a little bit on-premises. For the vast majority, this means leveraging Azure Active Directory (AAD) alongside Active Directory (AD). Organizations making this change must consider three critical adjustments: the need for new authentication models, the loss of the traditional perimeter, and drastic changes to the permissions model.

Changes in permissions are by far the biggest security risk when it comes to implementing hybrid identity management. Not only are there a huge number of services available when organizations move to a hybrid identity environment, but you also have roles in Azure AD that may be unfamiliar compared to the set of well-defined administrative groups in Active Directory. Organizations must establish strong governance of what apps are going to be turned on, who is able to make those changes, and what access rights they will get. While managing identity in a hybrid environment might seem as simple as joining a Windows device to AAD, failing to account for changes to the risk landscape opens the door to issues that can cause headaches in the future.

April 09, 2021
Chanel Chambers
Senior Director
Tanium

I suggest practitioners focus on three areas around identity management. First, access control and the principle of “least privilege”, which gives users access only to the resources they absolutely need to do their jobs. We've seen cases where large, sophisticated enterprises didn't realise that more than 20,000 of their users had administrative rights they shouldn't have had.

Second, have a process in place to track lateral movement paths. We know most cybercriminals get in via stolen credentials. Make sure you know who has access to what systems and data and the actual paths of lateral movement across your organisations. This also helps organisations prioritise patching.

Finally, zero trust tells us to trust no one and verify everything. This is a powerful approach for identity and access. If your IT infrastructure doesn’t assume trust, it will require that each user and each point of access be re-verified.
