Transcript
Hi everybody. It's Den Jones here, founder and CEO of 909Cyber. Today we're going to talk about identity and access management. So let's start with setting some context. Identities are not just users, the humans in your company, they're actually users. They are the service accounts. They are programmatic access via API, in fact, anything which has the ability to access data, devices, systems, applications, anything within your environment. Now, let's get to number one on the list. Lifecycle management and governance. It is absolutely vital that on day one you can get accounts up and running, so your company is productive. Get them up, set up with the right access and the right permissions to just what they need and no more. So your birthright settings are vital to get established early on and then within different departments or teams in your organization, how do you get those set up and understood as part of that onboarding process?
Probably more vital though, is when people are, things are no longer in use. So if someone leaves a company or applications and services are shut down, you've got to look at those accounts and get them disabled as quickly as you can so that you don't leave them available for bad guys to take advantage of. Remember, one of the ways that bad actors stay and hide in your environment is by taking over accounts that you're not paying attention to. So you've got to take this one seriously.
Number two in the list is central identity management. So you've got to think about this as your IDP. That could be the Entra IDs, the Oktas of the world, the Pings, any of these technologies. There's a lot of them out there and there are some better than others. We don't want to jump into that one, but think about getting all your applications that are vital to your business configured to leverage these IDPs so that when users are logging in, you can set policy and you can also understand and log what people are accessing.
Strong authentication.
So when they are accessing stuff, you've got to think of it as, are we doing multi-factored authentication? And I'd love to add some whizzbang on top with some zero trust. There's no point in allowing access from a device to an application because the user knows their username password and they got MFA correct. You want to do some device posture and make sure that the device meets your minimum requirements as part of that optimization and access process. Think of this as something like you don't want the bad guy accessing the data because they're on a device which is compromised, and just because you've got the username and password and MFA correct, you're still letting them in. The other thing, when it comes to MFA, try not SMS. SMS is still prone to SIM swapping attacks. So let's make sure you are avoiding that stuff like the plague if you can.
Now, after that, number four comes continuous monitoring and auditing. Listen to this. You've got a lot of data in your environment. You're logging from applications and devices and infrastructure, your identity stack. Make sure you're using that log information to your advantage. If you imagine there is a service account, that thing always goes from one device to another, and it's a very simple understood transaction. If there's any deviation from that transaction, maybe that's a point where we're setting up an alert. So pay attention and use your data before the breach, not after the breach.
Finally, number five in the list. Secure your APIs and your privileged identity and access management. So PAM, you've got to protect these APIs, the machine-to-machine identities with strong authentication and implement privileged identity management and ideally just in time so that privileged users don't have the full privileges their whole time. In some cases, you might want to separate accounts for privileged access from regular access, and in some cases you might even want to have different devices, different setups from a networking perspective. So think about that one, and it's a little bit more advanced for some companies, but definitely you make sure you don't forget about it.
So Den Jones, 909Cyber. We are here to help. If you're struggling with your identity and access management strategy or your implementation, or you just have questions, please reach out. We're always available. Thanks.