Page 191 - Cyber Defense eMagazine December 2023
P. 191
This collaboration marks a paradigm shift, recognizing that traditional defense mechanisms must evolve.
As CISA observes, the success of cyberattacks is often "enabled by an environment of insecurity," a flaw
exacerbated by our collective blind spots concerning identity and its related data. Reducing these blind
spots requires a greater focus on effective identity data management.
How Identity Data Management Addresses CISA’s Three Pillars
CISA's updated strategic plan focuses on enabling businesses to achieve three core objectives:
addressing immediate threats, hardening the terrain and driving security at scale. The agency wants
these pillars to be the foundation of every business’s security strategy. So, how can effective identity data
management help organizations achieve this?
When we talk about immediate threats, ransomware and phishing instantly come into the conversation.
The ransomware attack rate is breaking records yearly, while 74% of breaches still include phishing or
social engineering elements. Identity data management provides a proactive approach to addressing
these threats.
Expanding our understanding beyond just human identities to include the identities of servers,
applications and systems can help to identify which systems or users are more vulnerable to such attacks.
It allows a better scope for enabling targeted training and applying layered authentication and access
control on specific devices and user repositories to mitigate immediate risks.
Hardening the terrain requires management across the entire IT ecosystem and across every network
element. Every component in our IT infrastructure—people, servers, applications—has an identity. To
create an impenetrable defensive posture and a rock-solid network terrain, we must manage, monitor
and administrate these identities. When each identity is meticulously managed, the likelihood of external
spoofing and unauthorized access diminishes. Essentially, the terrain becomes more resilient to an array
of attacks, making it harder for adversaries to exploit vulnerabilities.
Also, when it comes to driving security at scale, monitoring these identities across the IT infrastructure
allows for automation and real-time responses, thus scaling security measures effectively. For instance,
managing the identities of every connected device in an organizational network can streamline
permissions, ensuring only authorized devices and users interact in real-time.
Gaining visibility into how identities can be used to access sensitive data and systems is critical for getting
ahead of threats. A recent report from Gartner highlights that quality identity data is critical for successful
security projects and scaling access controls across complex IT environments.
Cyber Defense eMagazine – December 2023 Edition 191
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.