Clouding your Judgement

The nature of Shadow IT creates a void, with IT departments left in the dark when it comes to
who is accessing what, where and when. In the past, IT managed the identities for any
resources used by employees relatively easily because resources and users sat within the
corporate firewall. Today, these same users and resources may be outside the data center,
either in an authorized application deployed by IT or, as we’ve identified, in unmanaged (and
unsecured) applications that departments within the business deploy and use on their own.

With identities now residing outside the corporate firewall and on disparate systems, and no
means of control over applications and the data they hold, organizations need to reconsider
their identity and access management (IAM) infrastructure.

Employees tend to be careless with their identities – the old sticky notes stuck on PCs in the
office are still in evidence – and many do not appreciate the damage that bad password hygiene
can cause.

The likelihood is that most people re-use the same passwords across multiple apps, sites and
services, or use weak memorable passwords, which can expose organizations to attack if their
details are compromised.

In a survey we conducted last year among 1,000 U.S. workers, we found that over a third of us
now enter more than 4,000 passwords online per year, wasting about 24 hours annually in the
process. It’s no wonder we are tempted to use the same password time and time again or ones
that we can easily remember!

Then there’s the challenge of managing user access rights for these unauthorized apps once an
employee leaves an organization. If the IT department is not privy to all of the applications a
person had access to during their time at the company, and the log-in details of a given
application, removing access becomes increasingly difficult as it falls outside the realm of
corporate IT.

Users must be encouraged to ensure authentication is secure. The best way to do this is to
extend existing corporate IT password policies and procedures, leveraging a user’s corporate
identity to authenticate to applications wherever they may be, and from whatever device they
are using – whether on-premises or remotely. This should also be backed up with multi-factor
authentication, such as the user acknowledging via their mobile phone that it is actually them
trying to access an application.

By incorporating Identity as a Service (IDaaS) and single sign-on (SSO) for all cloud
applications, organizations can eliminate the security concerns of password re-use and enable
provisioning and deprovisioning of users based on their role as defined in a centralized directory
service, like Microsoft Active Directory.

Being able to automatically provision and deprovision accounts is critical for controlling
application security, especially as employees are hired, change job titles, move between groups
and eventually leave the company.
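The role-driven provisioning and deprovisioning described in the last two paragraphs, as an added example that is not from the article: a reconciliation of an application's account list against a central directory export, which yields the accounts to create, the accounts to remove (leavers and role changes), and accounts the directory knows nothing about. The directory records, the entitling group name and the application account list are constructed sample data.

```python
"""Reconcile a SaaS application's accounts against roles in a central directory.

Added example (not from the article). Directory and application records are
constructed sample data; the field names and group name are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DirectoryUser:
    login: str
    enabled: bool        # False once the joiner/mover/leaver process disables the account
    groups: frozenset    # directory group memberships, i.e. the user's roles


# Constructed directory export (the kind of data an Active Directory sync would provide).
DIRECTORY = {
    "alice": DirectoryUser("alice", True, frozenset({"sales", "crm-users"})),
    "bob":   DirectoryUser("bob", True, frozenset({"sales", "crm-users"})),
    "carol": DirectoryUser("carol", False, frozenset({"sales", "crm-users"})),  # left the company
    "dave":  DirectoryUser("dave", True, frozenset({"marketing"})),             # moved out of sales
}

# Constructed account list pulled from the application's own admin console.
APP_ACCOUNTS = {"alice", "carol", "dave", "sam.contractor"}

# Constructed: the directory group whose members are entitled to this application.
ENTITLING_GROUP = "crm-users"


def reconcile(directory, app_accounts, entitling_group):
    """Return (to_provision, to_deprovision, unknown) as sets of logins.

    to_provision:   enabled directory users in the entitling group with no app account
    to_deprovision: app accounts whose owner is disabled or no longer in the group
    unknown:        app accounts with no directory identity at all (shadow accounts)
    """
    entitled = {u.login for u in directory.values()
                if u.enabled and entitling_group in u.groups}
    known = app_accounts & directory.keys()
    to_provision = entitled - app_accounts
    to_deprovision = known - entitled
    unknown = app_accounts - directory.keys()
    return to_provision, to_deprovision, unknown


if __name__ == "__main__":
    prov, deprov, unknown = reconcile(DIRECTORY, APP_ACCOUNTS, ENTITLING_GROUP)
    print("provision:", sorted(prov))       # bob is entitled but has no account
    print("deprovision:", sorted(deprov))   # carol left, dave changed role
    print("unknown:", sorted(unknown))      # sam.contractor is not in the directory
```

Run against a real export, the "unknown" set is the Shadow IT signal the article describes: accounts that exist in the application but were never tied to a corporate identity, so no leaver process will ever remove them.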
16 Cyber Warnings E-Magazine – May 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide