Identity Management Day is about raising awareness of the importance of identity management and securing digital identities, and sharing best practices to help organizations and consumers #beidentitysmart. As part of Identity Management Day, April 13th, 2021, we are proud to recognize individuals and organizations who are prioritizing identity management and security as Identity Management Champions.
We asked our Identity Management Champions “What is the biggest challenge facing your customers related to identity management/identity security and what one piece of advice would you give them?” Below is our fifth installment of advice from these champions. Make sure to check out the previous Identity Management Day blogs.
“Time management is the greatest challenge. Our clients represent a wide range of technical disciplines and industries, but they can all relate to the challenge of finding time to implement proper identity security measures.
“We recommend using tools including password managers, scheduled security assessment reminders, and automatic system updates. Remember that no method to protect identities will be more time-consuming than recovering from identity theft; organizations need to ensure their data breach prevention methods are following industry best practices and governmental policies.”
John Reade, Computer Scientist at Quanterion Solutions Incorporated
“There’s some pretty straightforward stuff you can do. Always keep the software on your laptop or phone updated. Use unique passwords across accounts, try out a password manager, and use phrases that are longer and more complex than a single word. Make sure you use two-factor authentication where it’s available, especially with your bank and credit card accounts. There’s all kinds of companies that now offer other methods to prove who you are besides just a password. Take them up on it and make sure that it’s something other than text messaging, because SIM swapping can be used to break that method.”
Kurt Baumgartner, Researcher, Kaspersky
“One challenge healthcare organizations are finding difficult is the need to balance effective healthcare with the increasingly complex requirements of identity. Multiple cloud and on-prem services create a level of complexity that many users find difficult to navigate. With remote care becoming the norm during the pandemic, identity proofing has played a more critical role. Identity systems must be flexible and integrate easily with the menagerie of services that are being used.
Connecting these services as a single portfolio for a mobile workforce and an ever more mobile customer base is a problem solved by new architectures for service delivery like zero-trust. Zero-trust moves the border closer to the users and, as such, promises to allow for flexibility while improving security. We are finding clients want to move in this direction but frequently require assistance due to the solution’s complexity.
The implementation of good identity management is the convergence of three IT areas: development, systems administration, and security. To improve your organization’s security while also ensuring that user experience is not impacted, organizations should focus on best practices in all three areas. Using tools like the IDS Framework, companies can improve their practices in all of these areas.
Frequently, we find that our clients are also finding it hard to identify people who can effectively crossover between these areas. Identifying qualified candidates in this tight job market that can understand how to balance user experience with security has proven extremely difficult. Looking for candidates in your organization with 1 or 2 of the key aspects of identity and then providing outside assistance to augment their strengths has proven to be a practical approach.”
Matt Morton, HCISPP, CISM, CISSP, CGEIT, Senior Strategic Consultant, Vantage Technology Consulting Group
“The biggest challenge I’ve seen with my customers is around how to prioritize all of that identity work on their plates. Combined with the idea that they may not have their arms around every business process impacted by their identity program, this challenge can often feel overwhelming.
“The password problem is every digital consumer’s biggest pain point when sharing their identity online. The amount of daily friction tied to password management and identity verification reduces access for people and increases costs for businesses. It’s time to stop issuing logins that are useful for only one organization. It is time for people to control their own data and identity.”
Blake Hall, founder and CEO of ID.me
“The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) presented at the Fed ID Forum in September 2020 outlines how criminals exploit weaknesses in identity to commit more than $1B each month in cybercrime. A leading contributor is account takeover (ATO) fraud, which accounts for $350 million of fraud per month. Although more consumers are using better cyber hygiene practices, such as moving away from passwords and using multifactor authentication (MFA), not nearly enough are today. The piece of advice I’d like to highlight is to use multifactor authentication where possible and to only do business online with service providers that accept MFA.”
Michael Magrath, Director, Global Regulations & Standards, OneSpan
Thanks to all our Identity Management Champions! We’ll continue to share advice from this community, so stay tuned! Also check out other advice in support of Identity Management Day from the Identity Defined Security Alliance and National Cyber Security Alliance.
