by Anthony Koochew
Founder & CEO
Anthony is an Architect with over 15 years experience helping clients realise the most value from Microsoft Azure, Office 365 and EMS. View full profile.
Managing employee identity is a lifetime commitment.
The Problem: Compromised credentials in user accounts
Many business leaders consider targeted attacks to be their biggest security concern. The truth? 52% of Australian data breaches were caused by compromised credentials.
Compromised credentials are a common attack vector that allows for data exfiltration and lateral movement (the entry point isn’t where the damage is done). Therefore, if your strategy for keeping credentials secure isn’t robust, neither is any part of your environment. If half of all data breaches come from stolen credentials, it isn’t your patchy server that will let you down. It’s your people.
This challenge is only further enhanced with remote and hybrid working now standard, meaning Australian organisation have a larger attacked surface area than ever before. Keeping employees’ user identities secure from the moment they join the business is the best way to avoid remediation later. Prevention is always better than cure.
Identity and Access Management Example: Delayed Offboarding
A software engineer’s contract ends on a Friday afternoon, but HR never notifies IT. Over the next few weeks, this stale account is left active and unmonitored. A malicious actor enters the network with access to all the resources and data available to this account.
To make matters worse, the organisation’s user creation process simply copied another engineer’s system and resource access. As this engineer worked in a different function, they had access to additional, different resources and privileges, including sensitive data. The hacker then strikes across this unnecessarily widened attack surface area.
By Monday morning, ransomware has been installed and it becomes a matter of time before the IT team must conduct an expensive incident response. Whereas a more precise user provisioning process (onboarding) would have minimised the impact of the breach and a swift offboarding could have prevented it entirely.
Accurate onboarding and timely offboarding are critical for protecting against identity theft. While most businesses have a considered onboarding strategy, access management during offboarding is rarely given the same amount of attention.
71% of organisations do not have any formal offboarding process.
Whose Problem is Identity and User Access?
IT leaders must constantly balance their ability to enhance security with employees’ ability to do their job. Too much access, like the example above, can be detrimental. But too few access rights to user accounts slows operations and frustrates employees, encouraging non-compliance.
If granting access rights is solely a job function of an organisation’s service desk, it puts the responsibility of assigning resources and user access into the hands of a department that cannot validate its accuracy. This can lead to the copying of the closest team members’ user accounts, which is a recipe for granting too much access or privileges.
Instead, HR, hiring managers, department heads and IT must collaborate to ensure only the right people are given access rights, privileges and software and nothing more. Board members in organisations with revenue over $3 million should remember they also have a legislative responsibility to prevent cyber attacks.
The Importance of a Holistic Approach to Identity Management
Identity and access management in an organisation is not a one-time task, but a continuous cycle involving different departments. It’s not solely an IT problem or an HR problem; it’s an organisational challenge.
To best safeguard an environment, multiple departments should collaborate with one goal in mind – Identity Lifecycle Management based on Zero Trust principles. A Zero Trust policy has two key foundational components;
- Just Enough Administration (JEA) attributes precisely the amount of privileges an administrator needs to perform a task. This prescriptive assignment of privileges reduces the traditionally “open slather” model of user access management a domain administrator might have had in the past.
- Just in Time (JIT) grants user access privileges for only as long as is necessary for a task to be completed.
JEA and JIT are best implemented alongside the development of the onboarding and offboarding phases of identity management lifecycle. Given the complexity and high stakes involved, an integrated, automated solution for user onboarding and offboarding can offer significant advantages in securing employee identities and ensuring compliance.
The Role of Automation and Artificial Intelligence in Identity Management
Using automated onboarding and offboarding software is crucial for scalable, efficient and precise identity management. SIEMS that include machine learning and AI algorithms can identify anomalies in user behaviour and permissions, alerting system administrators to potential security risks before they escalate to data breaches. Automated provisioning systems can also quickly deactivate user accounts, minimizing the window of opportunity for malicious actors. By automating these two key functions, an organisation can achieve and maintain the balance of optimal security with employee productivity and satisfaction.
Identity management is a cornerstone of any cybersecurity strategy. By adopting a robust user provisioning (onboarding) and offboarding process, you not only protect your organisation but also empower your employees to be more productive without compromising security discipline. Treat both as equally critical, or risk becoming a statistic in the growing list of companies felled by poor identity management practices.
For an expert analysis of the best approach for managing identities across your organisation, reach out to the team today.
