Access & Identity
Every organization can be a victim of identity or data breaches. Hence, identity and access are no longer just an IT concern, but a capability that enables all digital businesses.
Cloud, mobility and now IoT are creating an increasingly complex environment in which to understand and manage the lifecycle of identities and access credentials, from standard to privileged user accounts. In addition, there is a need to audit and analyze the permissions and actions of users to ensure compliance with various standards such as PCI, HIPAA and PDPA.
A cloud access security broker (CASB) is on-premises or cloud-hosted software that sits between cloud service consumers and cloud service providers to enforce security, compliance, and governance policies for cloud applications. In short, CASBs help organizations extend the security controls of their on-premises infrastructure to the cloud.
CASBs provide visibility into cloud applications and discover cases of “shadow IT” cloud services. They can be used to identify sensitive data in the cloud and to enforce security policies that meet data residency and compliance requirements, along with other data-centric security controls such as encryption, tokenization, access control and information rights management.
Insider threats and tightened privacy laws that include strict data protection and access control requirements are key driving factors for data security. As employees, partners, and contractors create, update, and share data, they work on and off the network, on corporate and personal devices, and in the cloud.
Hence, it is essential that we put in place the necessary controls to safeguard intellectual property and ensure compliance by protecting sensitive data wherever it lives—on premises, in the cloud, or at the endpoints.
Public Key Infrastructure (PKI) is a popular approach for encryption, authentication and ensuring the confidentiality or integrity of data. It has been around for as long as the Internet. Its use is pervasive throughout enterprises and the Internet. Industry regulations such as GDPR, eIDAS, PCI DSS and HIPAA have defined the need for PKI.
We predict a massive rise in the use of PKI. As the Internet of Things (IoT) continues to connect objects and relay information to people, new possibilities for business and personal life abound. Yet for all of the IoT’s possibilities, hackers are innovating as well. In light of the sensitive data that the IoT generates, high-integrity messaging, secure communications and mutual authentication at Internet scale will be absolutely necessary for the IoT to succeed. PKI has been securing network-connected devices all along, so expanding its use for the IoT makes sense. PKI has proven its worth in solving high-assurance problems in the past and stands ready to securely manage digital identities for the IoT.
Traditionally, passwords are used as the primary form of authentication to provide a “secret”. In the current world it is clearly insufficient to rely on just what you know, as the “secret” can be easily hacked. It has become common practice to manage risk with additional multi-factor authentication for sensitive applications. This includes what you have (tokens, smart cards) or what you are (biometrics).
Mobile push-based authentication systems are becoming popular and are recommended as per NIST guidelines. These usually take the form of a mobile app that performs the authentication automatically, with no excessive demands on users.
Last but not least, risk-based authentication solutions are also gaining ground. This involves assessing the user’s unique network, device, and behavior to determine risk and prompt appropriate authentication measures.