This blog post first appeared on Forte Advisory site
Our online world, like the larger world around us, is full of uncertainties and risks. We wake up to new data breaches on a nearly daily basis. As applications and data proliferate in a cloud and mobile world, the burden and reliance on Identity and Access Management (IAM) is greater than ever.
We must enable IAM with real-time risk information for making the most reliable identity management and authorization decisions.
Steve Tout, Founder, and CEO of Forte Advisory describes this as Highly Leveraged IAM.
“The idea that identity being the center of every interaction that end users have with a company, IAM can not only provide the right access to the right user at the right time, but also the best user experience across a diverse set of protective layers and capabilities and can make these existing investments even more effective.”
Economic growth, on a global scale, is perceived to be tied to the adoption and proliferation of Cloud Services. The adoption and proliferation of Cloud Services are strongly connected to, and currently inhibited by, security concerns. Valid considerations about risk and value.
Cloud security companies called Cloud Access Security Brokers (CASBs) are key to cloud adoption, and hence, cloud security. While it can be argued that Cloud security is good, 99% secure is not good enough. If a security breach happens, it will be a weak argument that 99% of the breaches were covered. The adversaries are ever more sophisticated and that 1% risk has been exploited too often.
IAM and CASB Services Integration
CASBs are at the epicenter of the action to create a more secure cloud. The better ones are growing to be more than just an added layer of controls for monitoring user activity. They are aligning with Identity-as-a-Service (IDaaS) providers and integrating an array of security applications to develop innovative security processes
The integration of highly-leveraged IAM and CASB services will deliver unprecedented visibility into user activity and when a violation of a policy occurs. A highly leveraged IAM program will produce significant ROI improvements for business while minimizing risk.
Actionable Intelligence to the Rescue
Infusing IAM with “Actionable Intelligence,” in the form of real-time risk information will enable a pro-active security capability previously unavailable. This next generation of IAM will be secure by default.
“Security by Default” may be achieved by overcoming one of the worst vulnerabilities that access management/security solutions suffer … the inability to recognize attackers with valid credentials. Today, security methods are all reactive. For example, when a hacker with valid credentials gains access, security measures are only enacted AFTER user accounts display anomalies. The damage may already be done. Files corrupted, corporate and personal data stolen, client relationships damaged by the bad publicity that follows.
Actionable Intelligence, derived from a Compromised Accounts Monitoring Service such as the VeriClouds database of corrupted accounts and passwords provides the proactive capability that will prevent the attack. With the fore-knowledge of corrupted accounts, the hacked credentials will NOT be recognized as valid. They will be known to the security system and will be blocked, or the passwords will have already been reset before the attack can happen.
A secondary value of the Actionable Intelligence is that, once aware that an account’s credentials have been compromised, corrective actions and user education can be implemented to assure the actions that caused the compromise are not repeated.
VeriClouds was founded by Rui Wang and Stan Bounev in 2014 to resolve the authentication security issues in Cloud Services. Information Security is not just a business opportunity. It is a calling, a passion, even an obsession. Rui and Stan joined forces to create ways to make the world more secure by making it safer to do business online. Rui has a Ph.D. in Cyber Security, and Stan is a successful entrepreneur with over 14 years of corporate and startup experience in the banking and technology industries.