The past few years have been marked by a flurry of security breaches and enormous data leaks. President Barack Obama himself issued an executive order, calling for agencies to implement tighter security in managing their credentials. The conclusion we can draw is pretty simple:
The traditional security model we have known so far is no more. The security perimeter has shifted, and at its core now stands Identity – in the Cloud, mobile devices and the Internet of Things (IoT). We have reached the point of identity convergence: our physical identity has merged with our network identity. Think of employee cards, GPS or even online games, all bringing the network layer and the physical layer closer to each other.
This course of events is in no way surprising, yet too many businesses and agencies underestimate the importance of properly shielded identity. We can define three reasons for identity rising as a new security perimeter:
- The rise of mobile devices – as employees bring their own devices and communicate with external vendors and customers, they compromise the existing security infrastructure. The already established security model doesn’t suffice to keep credentials properly shielded against cyber attackers. Even if a mere 10% of the threats pass through, they can wreak havoc on your confidentiality. Protecting yourself with cutting-edge security software means that even if your perimeter gets breached, your data still remains safeguarded and impenetrable.
- Emergence of a huge number of disruptive, innovative IT technologies – such as cloud services or IoT. Their adoption extends traditional perimeter-based models and calls for keeping up with the trends and for modern authentication control. The password management we knew is no longer effective in such an environment. While many revere biometric authentication (fingerprint, retina or voice scanning), even that approach towards security is prone to vulnerabilities. The fact that the US Office of Personnel Management (OPM) leaked around 5.6 million fingerprint details makes that clear. Given the fact that your biometric information remains the same, how do you change your credentials in case it gets breached?
- The unprecedented increase in terms of cybercrime – it’s not only much more intensive, but cybercriminals come up with more strategic, devious and sophisticated methods of exploiting existing security infrastructures.
Enterprises’ security infrastructure has evolved so much that sticking to old security perimeters is like building a bridge out of paper. Just think about it: you operate on a global scale, usually supplementing your line of operation with everything from 3rd party apps to cloud service providers. By extending your perimeter of operations, you also stretch the borders of your network (and respectively, its security).
Firewalls, anti-virus or anti-malware software and standard detection systems simply don’t cut it anymore. Contemporary cyber defence practices follow a “Medieval perimeter security” paradigm, but attacks don’t always come from a fixed number of sources. Nor are they caused only by clear-cut “bad guys” – you can easily experience a breach from within the confines of your “castle”.
IoT devices demand an even more urgent reconsideration of identity as the new perimeter of security. Most of them revolve around the most basic form of identity authentication, passwords themselves. And while web credentials are frequently getting an “update” in terms of protection, IoT passwords are still limited due to the devices’ user interface. From there on, they remain vulnerable to anything from weak unencrypted storage to open ports or other “legacy” web security issues.
How To Approach Securing Identity In A Volatile Environment
If we are to sum it up, the lesson is: “Think both ahead and outside the established security perimeter”. Sadly, recent years show that too many enterprises and institutions stick to old security habits, thus getting hit by data breaches. Lagging behind modern security practices goes beyond that, though. You also risk heavy fines due to your enterprise not being compliant with privacy laws. An example is the upcoming General Data Protection Regulation (GDPR), a data protection regulation passed by the EU. Experts say that over half of the global companies are expected to receive financial repercussions due to not meeting its standards.
Corporations might consider two approaches to upholding proper identity protection:
- The “Zero Trust” strategy – A policy that assumes a perimeter will always be breached, no matter the number of security layers and their complexity. No discretion should be present, and enterprises have to keep in mind that no one can be trusted, whether within their organization or out there in the wild web. Data and access compartmentalization is a crucial part of Zero Trust, as it segments user credentials. Even if one device gets hacked, others aren’t put in danger. Secure single sign-on software like Smartsignin sticks to the Zero Trust strategy, removing any possible domino effect of your security being compromised or your privacy breached.
- Maintaining an Adaptive perimeter approach in your enterprise’s security infrastructure. The brutal truth is attack surfaces (mobile devices, IoT) have increased immensely and are now interlinked (think of how many 3rd party integrations and APIs you are operating with). This connectivity increases the scope of any prospective cyberattack, so the adaptive perimeter approach aims to reduce that overall surface. Examples include admins setting security policies to a specific app or bundle of apps; advanced user authentications in pieces of software, or limiting the usage of certain APIs.
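The two approaches above can be combined in one access check. The following is an added example, not code from this article or from any product it mentions: each device holds its own secret (compartmentalization), every request is verified and denied by default (Zero Trust), and each app is limited to a set of API scopes (adaptive perimeter). The names `APP_POLICY`, `PolicyDecisionPoint` and `sign_request`, and the app and scope strings, are hypothetical.

```python
import hashlib
import hmac
import secrets

# Hypothetical per-app policy: the only API scopes each app may use.
APP_POLICY = {
    "crm": {"contacts:read", "contacts:write"},
    "reporting": {"contacts:read"},
}


def _message(user, device, app, scope):
    # Unit-separator join so field values cannot be shifted across boundaries.
    return "\x1f".join((user, device, app, scope)).encode()


def sign_request(device_key, user, device, app, scope):
    """Device side: bind the request to this device's own secret."""
    msg = _message(user, device, app, scope)
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()


class PolicyDecisionPoint:
    """Verifies every request; nothing is trusted for being 'inside'."""

    def __init__(self):
        self._keys = {}  # (user, device) -> independent secret

    def enroll(self, user, device):
        key = secrets.token_bytes(32)  # one secret per device, never shared
        self._keys[(user, device)] = key
        return key

    def revoke(self, user, device):
        self._keys.pop((user, device), None)

    def authorize(self, user, device, app, scope, tag):
        key = self._keys.get((user, device))
        if key is None:
            return (False, "unknown or revoked device")
        expected = sign_request(key, user, device, app, scope)
        if not hmac.compare_digest(expected, tag):
            return (False, "bad credential")
        if scope not in APP_POLICY.get(app, set()):
            return (False, "scope not allowed for app")
        return (True, "ok")
```

Revoking one device's key leaves the user's other devices working, and a key taken from one device does not validate requests claiming to come from another. A real deployment would also bind a nonce or timestamp into the signed message to prevent replay.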
Do you want to shield your identity more effectively?
As experts in the field of cyber security, we want to help you safeguard your credentials properly. This is why you can now get FREE access to our whitepaper on cloud identity and safe access management. It will help you assess the contemporary cloud security challenges and improve the way you shield the new security perimeter – identity.