Identity Management Day is 4/12 – Cyber Evangelist/Expert Insights

By   ISBuzz Team
Writer , Information Security Buzz | Apr 07, 2022 02:48 am PST

The second official Identity Management Day happens to be during the most intense cybersecurity situations and tensions we’ve seen in history. From the increased cyber threat warnings to Biden’s cry for cybersecurity help — and cyber budget increases — Identity Management Day on April 12 shines light on the importance of identity and access management (IAM) programs. 

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Raj Dodhiawala
Raj Dodhiawala , President
April 7, 2022 10:48 am

Amid looming Russian cyber threats and an industry-wide battle cry for \’Zero Trust\’ strategies, organizations from both the private and public sectors are scrambling to embrace and implement Zero Trust strategies across digital assets. An important aspect of Zero Trust is mastering an identity and access management (IAM) program, however, the blurred lines created by a remote workforce and using personal devices for work have made it more challenging than ever for IT and security teams to manage across the organization.

Given the spate of recent attacks leveraging privileged identities, governance of privilege has claimed its stake in Zero Trust initiatives. With this new reality, one imperative element that many businesses overlook is limiting the privileges a person — or a machine — has access to by maintaining zero standing privilege (ZSP). This includes protecting admin authorization and protecting organizations against the discovery of admin credentials, hashes or secrets from inside the network.

Reducing the attack surface is the most important proactive IAM measure an organization can do to mitigate threats, as the majority of today\’s attackers accomplish their mission by leveraging privilege (or admin) account sprawl — a very large and highly exploited attack surface. Simply put, today\’s hackers know what they\’re doing. Once an attacker is inside any infrastructure or system, for example, elevating privileges and moving laterally to find crown jewels is straightforward. From there, they can encrypt data, execute a ransomware attack, and much more.

Last edited 1 year ago by Raj Dodhiawala

Recent Posts

1
0
Would love your thoughts, please comment.x
()
x