Identity Management Day: Advice from Our Identity Management Champions

Identity Management Day is about raising awareness of the importance of identity management and securing digital identities, and sharing best practices to help organizations and consumers #beidentitysmart. As part of Identity Management Day, April 13th, 2021, we are proud to recognize individuals and organizations who are prioritizing identity management and security as Identity Management Champions. We asked our Identity Management Champions, “What is the biggest challenge facing your customers related to identity management/identity security and what one piece of advice would you give them?” Below is our second installment of advice from these champions. Make sure to check out the previous blog.

“Without a doubt the biggest threat we see to identities is the dramatic shift to credential theft and away from traditional personally identifiable data acquired in mass attacks. Threat actors are far more interested in collecting personal and business logins and passwords that can be used in credential stuffing, BEC, and supply chain attacks. Why attack 1000 consumers to gain $300,000 when you can attack one business and walk away 3x that or more?

The advice we give consumers and businesses is simple: good password & cyber hygiene. Long, memorable passwords (12+ characters); a unique password for each account; no sharing passwords at work & home; multi-factor authentication with an app, not SMS when possible; and, never click on a link in an unsolicited email, text, or social media DM – check the sender to see if it’s a legit address and contact the sender directly if in doubt.”

James E. Lee, COO, Identity Theft Resource Center

“You cannot fully transform your digital presence, or your digital business, without focusing on the digital identity. It should be the first foundational component you understand within your Cyber Security team. The biggest challenge that I see is that most organizations don’t fully recognize the role of identity and its impact to every facet of their business. My advice would be to make a commitment to invest into an identity strategy, and establish a forward-looking approach. It needs to address the mounting technical debt that legacy systems and applications carry with them. It needs to include implementation of a modern identity solution that simplifies, innovates and enables their business. And finally, the strategy needs to take a ‘risk aware approach’ to balance the customer experience while increasing security.”

Rebecca Archambault, Trusted Identities Leader, Highmark Western and Northeastern New York

“In healthcare, the biggest challenge is finding the resource for implementation and management of the program. Pre-COVID, healthcare IT staff had more work than they could handle. Now, with the addition of the COVID requirements, HIT staff just can’t find the time to implement. My best piece of advice around this is, first, don’t think of identity management as a project – it’s a journey that continues. If you have to name it something, call it a “program.” Second, it’s not an HIT program, you must garner the support and championing of the program from a diverse set of executives (HR, CMO, COO, CIO, CISO, etc.). This way, when you have to forego other projects (the main problem as noted above), then you have the support of other executives, whose projects are probably going to be delayed. As in almost every problem in life, it’s all about communication and collaboration.”

Wes Wright, Chief Technology Officer, Imprivata

“The biggest challenge faced by many customers that are prioritizing and beginning their journey to identity and access management is literally where to start with so many options such as single sign-on, multi-factor authentication, success metrics, provisioning, deprovisioning along with access and entitlements.

My advice for companies that are looking for the best practices on where to start a successful journey is to start with the most sensitive accounts in the organization such as privileged access and 3rd party access that, if compromised, can lead to very damaging security incidents. Get in control of the accounts that matter the most and then continue to roll out those security controls to other accounts in the organization. To help companies get on the right path Thycotic has created the Privileged Access Management checklist that will help organizations navigate the complexities, map out a path to access and help ask the right questions.”

Joseph Carson, Chief Security Scientist and Advisory CISO, Thycotic

Thanks to all our Identity Management Champions! We’ll continue to share advice from this community, so stay tuned!  Also check out other advice in support of Identity Management Day from the Identity Defined Security Alliance and National Cyber Security Alliance.  If you are an Identity Management Champion and would like to submit your organization, send your submission.
