Identity Management Day is about raising awareness of the importance of identity management and securing digital identities, and sharing best practices to help organizations and consumers #beidentitysmart. As part of Identity Management Day, April 13th, 2021, we are proud to recognize individuals and organizations who are prioritizing identity management and security as Identity Management Champions. We asked our Identity Management Champions “What is the biggest challenge facing your customers related to identity management/identity security and what one piece of advice would you give them?” Below is our third installment of advice from these champions. Make sure to check out the previous Identity Management Day blogs.
“Technology has advanced our world in countless ways, including how we navigate and manage our everyday lives. With just a few clicks from our devices, we bank, shop, conduct business, and exchange photos and messages with family and friends. This rapid adoption of technology comes with inherent risk to user privacy and digital security. In recent years, massive corporate data breaches have exposed billions of sensitive customer records. Once a person’s data is compromised, they can be at risk of phishing attacks and identity theft for years. While news headlines and media coverage of major data breaches have contributed to broader consumer awareness, most people still struggle to understand the full array of digital risks that can jeopardize their personal information or the best steps to take to safeguard their identity.
We recommend that consumers adopt best practices to increase their security hygiene and use solutions that offer remediation after Identity Theft occurs and provide proactive protection against those threats that can lead to ID theft in the first place. Identity protection should ensure that a customer’s privacy and personal information are protected at every level – from the device they use to the apps they download, the data they access and share online, and the networks to which they connect. And if a problem ever emerges, customers have full insurance coverage and expert assistance to best safeguard their identity & finances from theft.”
Firas Azmeh, General Manager, Personal Digital Safety & Carrier Partnerships, Lookout
“Since remote and hybrid work has become the new norm, the threat surface has exponentially expanded, and organizations’ IT departments are facing new security challenges. The biggest challenge our customers face is that regardless of their size, they’re increasingly targeted by hackers looking to get their hands-on personal data and intellectual property. While many small and medium-sized businesses may not have the resources to implement robust security programs, their IT teams are nonetheless tasked with securing all entry points, including cloud apps, unsecure Wi-Fi networks and unknown or personal devices. In addition to managing the expanding security landscape while dealing with limited time, staff and resources.
In order to maintain a high level of security, IT managers have to focus on securing the identity of the user, as it is the new security perimeter. To do this, IT managers should implement solutions like enterprise password management, single-sign-on, and multifactor authentication solutions that will provide visibility into user behaviors across apps and devices, keeping remote employees and company networks secure. Perimeter security is bolstered when these technologies work together under one umbrella. With these solutions in place, IT can quickly deploy tools, enable authentication methods, and set security policies while providing end users easy access to the tools they need to get work done. Both administrators and end users are enabled to seamlessly carry out their day-to-day work and responsibilities.”
Dan DeMichele, VP of Product, LastPass by LogMeIn
“Identity-related data is growing at a rapid rate. It started with traditional employees, vendors, contractors, customers and partners, but has quickly grown to include silicon entities like IoT devices, bots, service accounts, RPA, workloads and more. These new machine identities need access to data stored across on-premise, SaaS and multi-cloud environments. This, coupled with the shift towards remote work, has exacerbated security and compliance concerns for our customers, regardless of industry.
I give all our customers the same advice – which is centralize. Multiple point solutions to try and protect identity data will create more headaches and challenges than they are worth. Not only do these solutions need to work, they also need to meet strict compliance standards and mandates. A central solution is critical, not just to address identity and access risk across all assets, but to help with speeding digital transformation, which is a key need for our customers.”
Yash Prakash, Chief Strategy Officer, Saviynt
“Exabeam continually cautions its customers and partners on the pervasiveness of credential-based attacks. Login credentials have significant value, and the threat of theft persists from adversaries. The challenge is that usernames and passwords remain critical in our daily lives, from helping us complete work to carrying out personal matters like online shopping, banking or connecting with friends over social media.
Billions of previously stolen credentials live on the dark web, and we’ve just accepted that they fuel the underground economy and enable more credential stuffing attacks. We know that the hackers are bold and unconcerned with being detected on the network because they use sophisticated methods that mimic typical user activity. If their access is gained using valid credentials, it makes them even more difficult for administrators to catch.
We strongly support efforts, like Identity Management Day, that raise public awareness and can help to combat this issue. We advocate for the best practices that ensure cyber hygiene and protect personal and professional identities and credentials to prevent credential-based attacks from continuing. Organizations across industries can invest in machine learning-based behavioral analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behavior, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time.”
Ralph Pisani, President, Exabeam
Thanks to all our Identity Management Champions! We’ll continue to share advice from this community, so stay tuned! Also check out other advice in support of Identity Management Day from the Identity Defined Security Alliance and National Cyber Security Alliance.
