As we approach the end of 2020 (finally!) and reflect on the last 364 days, I think it is safe to say that everyone shares this same perspective – it was truly a year like no other.
And while most every aspect of our personal lives was turned upside down, this year also represented a major change in how we work and how we transact business. Almost overnight, organizations were forced to support employees working from home using personal devices and unprotected Wi-Fi networks. Online shopping neophytes were now Amazon Prime members, ordering groceries, home supplies and take-out online. These changes and more thrust cyber security into the daily news cycle – phishing and ransomware are now virtual happy hour fodder. Digital transformation initiatives, big and small, were put into warp speed, and with them the need for identity-centric security.
Our 2019 year-end blog discussed our plan to double down in 2020 on our mission of helping organizations reduce risk through identity-centric security strategies by providing education, best practices and resources. As we count off the last few days of this year (that we desperately want to be over), here’s a subset of the resources we published this year to give you a head start on a more secure 2021 for your users and your customers.
Making Security a Team Sport is Critical to Identity Access Management Success highlights the uncomfortable truth, as reported in our late 2019 research, The State of Identity: How Security Teams are Addressing Risk, that organizational disconnects can undermine identity security initiatives and overall security.
Identity Security: A Work in Progress surveyed over 500 identity and security leaders to explore the causes of identity-related breaches and the state of identity-centric security adoption. 79% of organizations suffered an identity-related breach in the last 2 years according to our research. However, organizations with a forward-thinking approach to identity-centric security suffered significantly fewer breaches than their counterparts who considered their approach proactive or reactive.
Mitigating the Risk of Social Engineering discusses the ins and outs of social engineering and how organizations can reduce the risk in the event a valid credential falls into the wrong hands. Jerod Brennen drilled deeper into the mind of a hacker in the webinar Hacking Identity: The Good Bad and Ugly of Identity-Centric Security Controls.
Identity Defined Security Outcomes (18 published to date) can improve your security posture through identity-centric security and reduce the risk of a breach. Each Outcome includes Identity Defined Security Implementation Approaches, which are well-defined patterns that combine identity and security capabilities, providing flexibility in how outcomes can be achieved. The outcomes and approaches are intended to be a set of options from which you can, and should, select based on your organization’s security challenges and current situation. When defining an implementation roadmap, preference should be given to the security outcomes that are relevant to your organizational business needs and priorities. In addition, each outcome provides a cross-reference for those organizations who are following NIST frameworks and guidelines, including Cybersecurity Framework 1.1, SP 800-207 Zero Trust Architecture and SP 800-63 Digital Guidelines.
Securing Your Remote Workforce through Identity-Centric Security provides guidance on the common vulnerabilities introduced with the sudden shift to a remote workforce and the Identity Defined Security Outcomes that mitigate the risk of a breach.
Zero Trust Myth Blog Series and Zero Trust: Where Do You Start? continued our focus on the role of identity in Zero Trust strategies, as the need for balance between security and user experience was heightened by work-from-home requirements.
IAM Best Practices Blog Series, Avoid the 4 Identity Program Booby Traps, and The Unique Challenges of Customer Identity and Access Management all touched on the common pitfalls, unique challenges and best practices for implementing identity and access management, whether for users (employees, third parties, etc.) or customers, setting the stage for identity-centric security strategies.
#Howto Adopt an Identity-Centric Approach outlines the steps to shift your organization to think identity first, moving closer to an identity-centric approach to security, raising the bar of entry for attackers and magnifying the impact of every dollar spent on security.
These are just a few of the great resources collaboratively developed by our members this year; however, there is much more to discover on your own! In total, we published 24 blogs from 17 different authors and 2 Technical Working Group subcommittees, authored articles that appeared in Forbes, Dark Reading, SC Magazine and InfoSecurity Magazine, to name a few, and broadcast more than 14 webinars and podcasts with leading identity and security experts. Whether you are an identity or security vendor or IT professional, we hope that you will join us in our mission.
On the last day of this difficult year, we look forward to next year – new research, expansion of best practices and security outcomes, and more education and resources that focus on the important challenges we face in making our digital lives more secure. So long 2020!