Security versus convenient access

Access & Identity Management Handbook 2017 Editor's Choice, Access Control & Identity Management, Integrated Solutions, Infrastructure

Like it or not, in the application economy every enterprise is now in the software business and the challenges ahead are daunting. Budget constraints continue to be a common obstacle, but they are closely followed by security concerns.

Many have found that protecting the identity of users and safeguarding sensitive data is easier said than done when contending with:

Exploding user and application populations. The sheer volume of applications, their rate of change and the diversity of end-users has never been greater. To enable and protect the business, enterprises must efficiently manage:

a) the identities of this growing user base, and

b) their access to the appropriate applications.

The externalisation of IT. In order to meet the break-neck pace of application demand while keeping costs low, businesses have turned to cloud-based deployment models. Moreover, enterprises are increasingly embracing partner-delivered services and third-party applications to enhance their line-up of digital experiences. This diversity in application environments has erased the once well-defined boundaries of an enterprise, introducing new security considerations.

Varied endpoints. Applications are everywhere – as are the employees, partners and customers accessing them. And, these users are leveraging a dizzying array of devices, from PCs and tablets to smartphones and wearables. In order to protect the business and grant the appropriate level of access, organisations must authenticate each user and each endpoint.

As digital interactions increase in volume and complexity, identity and access security have become more critical for both the organisation and end user. However, security measures should not be achieved at the cost of convenience. Today, intuitive and easy-to-use functionality drive applications are ripe for adoption. If a customer has to jump through awkward authentication hurdles, they will not hesitate to look elsewhere. And if an employee, partner or contractor must juggle multiple logins to gain access to essential services, frustration will quickly grow while productivity plummets.

In this culture, where security is paramount and the user experience is king, the ultimate goal is to provide users with easy and secure access to the applications they require – whether on premise or in the cloud – based on their identity, role and associated entitlements.

Appropriate security levels

So, how do we ensure appropriate security levels within this complex and rapidly evolving application economy?

The answer lies in a centralised identity and access management (IAM) service. This approach ensures all identity-related functions, such as authentication – and ultimately authorisation – are consistently managed by the enterprise and executed reliably across diverse channels. And true to the trends, many have begun to leverage IAM as a hosted cloud service for its cost-saving, flexible and elastic qualities. Utilising this elastic model, one can quickly obtain enterprise-grade IAM security capabilities without having to deploy or manage the large IT infrastructure typically associated with on premise solutions.

What are the drivers of cloud IAM adoption? They include:

• The need to expand or contract identity services based on the current needs of the business.

• A requirement to reduce resource and cost pressures. The cloud-based model eliminates the need for the procurement of hardware, facilities, security specialists and other expensive IT infrastructure to support on-premise solutions.

• The demand for accelerating the release of new business services with centralised and consistent IAM across on premise and cloud-based apps.

Application and user numbers are undeniably on the rise. In fact, it is not uncommon for operations to manage a customer user base of one million-plus and/or an employee, partner and contractor population in the hundreds of thousands. IAM as-a-Service enables you to centrally manage identities from account creation and assignment of access rights to fielding access requests and managing related user attributes.

Security and authentication will be more important to enterprises in the next two years as it will have higher visibility from executives because of recent data breaches. Forecasters predict that mobile phones and devices will be the authenticator used by most. When it comes to authentication, enterprises and end-users want two things – simple and secure. Organisations want ‘zero-touch authentication’ to deliver as frictionless and password-free an experience for their customers and employees as possible, and the mobile device will be a key element.

The shift from identity management to identity access security is another predication. Data breaches have hinged on compromising a user identity and new systems will require identity and access security that is intelligent, contextual and verifiable.

The flood of recent international breaches also means that identity management and authentication will have a higher profile in the boardroom. Corporate executives and boards will be held accountable for breaches that damage their corporate brand. This will increase their level of involvement in security strategy and governance. Security will shift from an IT problem to a business executive problem.

Physical and logical convergence

With smartcard-based physical access already in place at many enterprises, the next logical step is to provide the same level of protection for digital assets. Physical access control provides a first line of defence, but a multi-layered approach is required for truly proactive security. As such, there is a compelling argument to implement smartcards for logical access.

In fact, businesses are beginning to realise the benefits in cost savings, ease of use and increased security by ‘marrying’ physical and logical access control onto a single platform. Instead of adding technological and management complexities by having separate access control systems for physical facilities and electronic data, it makes more sense to combine the two solutions and gain higher assurance, cost savings, efficiency and ease of use.

The marriage of physical and logical access into a single solution builds an infrastructure of increased trust. Deploying smart cards to employees, partners and other key individuals is a proactive enterprise approach to higher assurance. Except for information that requires little or no protection, user names and passwords will one day be considered an unacceptable access control mechanism, as they are easily forgotten or compromised.

The multi-factor authentication and PKI architecture offered by smartcards vastly decreases the likelihood of unauthorised users gaining access to sensitive data. Today’s credential management solutions help manage heterogeneous environments that combine all of the normal access management models such as passwords, software certificates and hard physical tokens, allowing migration by department or groups from one model to the next and so on.

Ease of use is another compelling argument for marrying physical and logical access onto a single platform. Users will not have to carry multiple credentials, nor will they need to remember multiple passwords or PINs to access applications and data. Instead, they will have one smart card that can be used for everything.

Collaborate and integrate

Many companies consider integrating physical and logical security to be a technical effort. Logical and physical security organisational structures are typically described as two silos, each reporting up through different management structures. While this is not ideal, the organisational chasm can be bridged by having physical security participate by collaborating with the integration of the two systems.

With the use of embedded identity analytics, administrators will be able to drill down into potential ‘road blocks’ existing in logical and physical identity lifecycle management processes, allowing the identification of areas of process inefficiency and to ensure meeting business service level agreements.

One thing is certain, everything revolves around positive identification that can be audited and potentially used in court for prosecution. Perhaps most importantly, though, such an integrated system brings down the barriers that have stalled the convergence of physical and logical access control systems for so long.

IT departments and facilities management staff can finally work together to become more efficient and eliminate security gaps in the process, once an IT and user-friendly building security system has been acquired.

Privileged access management portfolio

CA Technologies has released enhancements to its comprehensive privileged access management portfolio, giving customers control over the privileged accounts that support a hybrid IT environment and are a frequent vector for cyber attacks.

By updating and integrating CA Privileged Access Manager (formerly Xceedium Xsuite) and CA Privileged Access Manager Server Control, CA helps reduce the risk of data breaches by extending the depth and breadth of control over privileged users, from the gateway to the server and from the database to the cloud – all from a single management console.

Says Michael Horn, CA Southern Africa, security business unit manager, “In any cyberattack, bad actors have a single goal in mind – elevate privilege in order to get access to the most sensitive systems and data. And if the attacker is a disgruntled insider, he or she may already have that access. CA’s privileged access management solutions help protect an organisation’s most sensitive systems and information.”

CA Privileged Access Manager allows customers to implement controls at the network gateway, managing privileged user access to systems and applications based on the identity of the individual user. CA Privileged Access Manager Server Control resides on the server and manages user activity based on resource protection, with policies that control file access and actions taken on the server. This prevents bad actors from covering their tracks and helps accelerate breach discovery.

With the enhancements, customers can consistently manage and control privileged users at both the network and the server. When an IT administrator accesses a system, CA Privileged Access Manager automatically triggers CA’s Server Control product and to apply policies on the server resources based on the individual’s identity vs. simply the administrator account. This provides a more detailed and granular level of access control.

In addition, CA Privileged Access Manager has expanded integration with service management tools to further streamline privileged user provisioning and de-provisioning for those individuals who only require short-term privileged user access, such as temporary employees or contractors.

Michael Horn, CA Southern Africa's security business unit leader.
Michael Horn, CA Southern Africa's security business unit leader.

Biography: Michael Horn

Michael Horn is the CA Southern Africa security business unit manager. Over the past three decades Michael has accumulated extensive specialist skills based on real-world exposure to: architecting; implementing – including the operational management – of a variety of information security technologies. Michael is a Certified Information Systems Security Professional (CISSP) and the author of several publications. Michael has experience in a wide range of identity and access management technologies including advanced authentication, identity consolidation, unified access management and privileged access management.

For more information contact Michael Horn, CA Southern Africa, +27 (0)11 417 8765, michael.horn@caafrica.co.za.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Enhance control rooms with surveillance and intelligence
Leaderware Editor's Choice Surveillance Mining (Industry)
Dr Craig Donald advocates the use of intelligence and smart surveillance to assist control rooms in dealing with the challenges of the size and dispersed nature common in all mining environments.

Read more...
A long career in mining security
Technews Publishing Editor's Choice Mining (Industry) Risk Management & Resilience
Nash Lutchman recently retired from a security and law enforcement career, initially as a police officer, and for the past 16 years as a leader of risk and security operations in the mining industry.

Read more...
Future trends for electronic safety and security in mining
Fang Fences & Guards Mining (Industry) Integrated Solutions AI & Data Analytics
The mining industry is ever evolving, driven by technological advancements and the growing need for enhanced safety and security measures, with significant innovation seen in turnkey electronic security for mining operations.

Read more...
Unlocking enhanced security for mining
Mining (Industry) Integrated Solutions
In the dynamic landscape of African mining, security remains of paramount concern as threats evolve and challenges persist, and mining companies seek innovative solutions to safeguard their operations, assets, and personnel.

Read more...
A constant armed struggle
Technews Publishing XtraVision Editor's Choice Integrated Solutions Mining (Industry) IoT & Automation
SMART Security Solutions asked a few people involved in servicing mines to join us for a virtual round table and give us their insights into mine security today. A podcast of the discussion will be released shortly-stay tuned.

Read more...
Risk management: There's an app for that
Editor's Choice News & Events Risk Management & Resilience
Zulu Consulting has streamlined the corporate risk management process with the launch of Risk-IO, a web-based app designed to consolidate and guide risk managers through the process, monitoring progress as one proceeds.

Read more...
Integrated information platform for risk management
Editor's Choice News & Events Risk Management & Resilience
Online Intelligence recently launched version 7 of its CiiMS risk and security platform. Speaking to SMART Security Solutions after the launch event, the company’s Arnold van den Bout described the enhancements in version 7.

Read more...
Unlocking Africa's AI potential
Editor's Choice News & Events AI & Data Analytics
Africa's AI market is set to grow exponentially; by investing in AI education, training, and ethical practices, African nations can harness the power of AI to transform the continent and create a brighter future for its people.

Read more...
The CIPC hack has potentially serious consequences
Editor's Choice Information Security
A cyber breach at the South African Companies and Intellectual Property Commission (CIPC) has put millions of companies at risk. The organisation holds a vast database of registration details, including sensitive data like ID numbers, addresses, and contact information.

Read more...
Global Identity Fraud Report revealing eight-month ‘mega-attack’
Editor's Choice Risk Management & Resilience
AU10TIX recently released its Q4 Global Identity Fraud Report, with the research identifying two never-before-seen attack patterns, with the worst case involving 22 000+ AI-generated variations of a single U.S. passport.

Read more...