You’ve heard the expression “no man is an island”? When it comes to identity solutions, you can expand on that to say no user is an island, no application is an island, no IT team is an island. Building connections across all the components of an organization’s access infrastructure is what’s going to strengthen and transform its ability to manage identities. Those connections are essential to go beyond identity management and achieve identity assurance – the confidence that users asking for access to resources truly are who they say they are.
Building the connections that enable identity assurance is vital at a time when a whopping 81% of cyber attacks are credentials-based, according to the latest Verizon Data Breach Investigations Report. We’ve got to stop attacks that involve stolen passwords or other credentials. The key to that is identity assurance, because the only way you can keep someone from using that attack vector is if you can verify their identity. Instead of just saying, “These credentials are the real deal,” you’re saying, “The person who’s using these credentials is the real deal.”
Here are three key considerations around identity assurance:
- Connect your approach to identity across the access infrastructure. How do users connect to resources? Let us count the ways, from web access management (WAM) solutions, to cloud-based access control and single sign-on (SSO), to privileged access management (PAM) systems, to virtual private networks (VPNs) – and everything in between. That variety is inevitable when users need so many applications and resources to do their jobs, and when those applications and resources aren’t just on-premises, but also live in the cloud. They’re also as likely to be accessed from mobile devices as from traditionally secured desktops. In this sprawling access landscape, you need a common, consistent means of authenticating users everywhere.
- Connect your identity team and your security team. Sure, they aren’t exactly strangers – they’re part of the same organization, after all. But when you think about it, just how well does the security operations team know what the identity team is doing? How much does the identity team know about SecOps? Given that identity is now the most consequential attack vector by far, it’s essential that these two teams work together and share information as they strive to keep the organization’s critical resources safe.
- Connect identity governance with integrated risk management. Build a strong connection between identity governance and risk management that lets the identity team take a risk-based approach to identity governance. That means creating access policies and making access decisions based on how critical applications and other resources are, and on how much risk a user’s access poses to those critical applications.
If you can make effective connections across the access environment and among the teams responsible for it, you can achieve the identity assurance that secure access demands. Watch Jim Ducharme, Vice President of RSA Identity Products, sum it up in the RSA video: 3 Keys to Identity Assurance in 2018.