At its core, identity and access management is really all about ensuring that a user’s identity is authenticated to a high degree of assurance, and that the user is authorized to access just the right services he or she needs to be productive and efficient. It may sound simplistic, but that’s really it.
Access management solutions provide authentication and authorization services and enforce user access policy for a company’s employees and customers across the web, mobile apps, and other digital channels. According to the 2019 Verizon Data Breach Investigations Report, 80% of hacking-related data breaches involve compromised or weak credentials, and 29% of all breaches (regardless of the type of attack) involve the use of stolen credentials. Passwords are the main point of vulnerability. The more passwords you have to juggle and the more frequently you have to request or change access for lost or forgotten passwords, the larger the risk that your personal and professional data may be hacked.
The first half of 2019 saw over 4.1 billion records exposed in data breaches. Three of those breaches were among the 10 largest of all time. This represented a 54% year-over-year increase according to the 2019 MidYear QuickView Data Breach Report from Risk Based Security. Increasing security while limiting our reliance on passwords is vital to helping prevent another surge in data breaches. IAM capabilities like multi-factor authentication and role- and attribute-based access control help secure against data breaches resulting from password compromises. To better guard against data breaches, you must ensure that you have the right policies in place – policies that can understand and detect anomalous behavior as a second line of defense.
This is the basic concept behind Zero Trust. The idea is that, by default, you are asked to prove your identity at every single access point. Your system must be able to create a “behavior baseline” for what constitutes typical usage, such as location, time of day, and type of device. It will then be able to better understand when something feels out of the ordinary. If you don’t typically log on from Romania at 3:00 in the morning, the system will treat the access attempt as suspicious.
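The behavior baseline described above, as an added example that is not Idaptive's code or part of the original post: it derives a user's typical countries, hours and devices from a constructed login history and lists the signals on which a new attempt departs from them. The `Login` fields, the three thresholds and the sample events are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    user: str
    country: str  # country code from IP geolocation (assumed input)
    hour: int     # hour of day, 0-23
    device: str   # device identifier (assumed input)

MIN_HISTORY = 5   # assumed: fewer logins than this is not a usable baseline
MIN_SHARE = 0.10  # assumed: values in under 10% of logins are not "typical"
HOUR_WINDOW = 2   # assumed: within 2 hours of a typical hour is still typical

def build_baseline(history, user):
    """Return the typical countries, hours and devices for one user, or None."""
    events = [e for e in history if e.user == user]
    if len(events) < MIN_HISTORY:
        return None
    def typical(values):
        return {v for v, c in Counter(values).items() if c / len(events) >= MIN_SHARE}
    return {"country": typical(e.country for e in events),
            "hour": typical(e.hour for e in events),
            "device": typical(e.device for e in events)}

def hour_gap(a, b):
    d = abs(a - b) % 24  # distance on a 24-hour clock: 23 and 1 are 2 apart
    return min(d, 24 - d)

def anomalies(baseline, attempt):
    """List the signals on which a login attempt departs from the baseline."""
    if baseline is None:
        return ["no_baseline"]  # new or rarely seen user: nothing to compare to
    found = []
    if attempt.country not in baseline["country"]:
        found.append("country")
    if all(hour_gap(attempt.hour, h) > HOUR_WINDOW for h in baseline["hour"]):
        found.append("hour")
    if attempt.device not in baseline["device"]:
        found.append("device")
    return found

# Constructed sample history: 12 logins for one user, one of them from "CA".
HOURS = [8, 9, 9, 9, 10, 10, 8, 9, 17, 17, 9, 10]
HISTORY = [Login("alice", "CA" if i == 3 else "US", h, "phone-1" if i % 4 == 0 else "laptop-1")
           for i, h in enumerate(HOURS)]

if __name__ == "__main__":
    for a in (Login("alice", "RO", 3, "unknown-pc"), Login("alice", "US", 11, "laptop-1")):
        print(a, anomalies(build_baseline(HISTORY, "alice"), a))
```

Any non-empty result is what the text calls a suspicious attempt; a policy engine would typically answer it with a step-up factor rather than an outright block.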
We are ultimately headed for a password-less future. Standards and systems such as FIDO2, security keys (YubiKeys, Google Titan keys), and biometrics (Face ID, Touch ID) are eliminating the need for manual password entry, paving the way for a future digital environment that is less vulnerable to human error… and much easier on overworked IT departments.
This post originally appeared in a Quora Q&A session hosted in January 2020. Our CPO Archit Lohokare was asked to discuss the state of cybersecurity, Zero Trust, artificial technology and machine learning and working in the security field, among other things. Stay tuned as we share more of his answers in our blog!