February 19, 2015 | By Ravi Srinivasan

IBM InterConnect 2015 is right around the corner. This is always an opportunity for organizations from around the world to share, collaborate and recommend strategies to secure the new era of computing. This year, chief information security officers and identity and access management (IAM) leaders are turning their attention to the digital identity as a security weak link and, specifically, the human interactions across the enterprise and in the cloud. Many organizations are embarking on bring-your-own-digital-identity strategies, while others are relying on silos of enterprise identities and context awareness to secure authorized access to enterprise applications and data on a need-to-know basis. Organizations need to evolve their IAM infrastructure to secure authorized access to their crown jewels that reside in the distributed and mainframe environments while enabling themselves to leverage the new era of the cloud and mobile computing.

At this year’s conference, IBM will share the evolving threat landscape and the following three key considerations to strengthen IAM programs in 2015:

1. Digital Identity Needs to Become a Security Control

By compromising an authorized user’s digital identity and intruding upon his or her access with common vulnerabilities and attacks, attackers gain the quickest path to the enterprise’s crown jewels: data. Today’s Web access management systems authenticate and authorize user access while letting the Web content flow through without security checks. In order to defend the enterprise against targeted attacks and session takeovers, Web access management systems need to evolve to become aware of security threats and vulnerabilities. They cannot turn a blind eye.

2. Identity Context Is Essential for Fraud and Insider Threat Prevention

The rapid cloud, mobile and social transformations continue to erode the traditional security perimeter as we know it. This results in multiple perimeters around the enterprise resources, business partner interactions and cloud-based services. For example, mobile employees’ extranet access resembles that of an end consumer’s access. Outsourced IT employees administer business-critical assets with privileged access from remote locations. Traditional, static access definitions need to evolve to use identity context such as user, device and transactional attributes to help ensure legitimate users have access and fraudulent user activities are prevented.

3. Identity Governance and Analytics Are Required Elements for Enterprise Risk and Compliance Management

Organizations today have siloed and customized IT-driven identity management to govern the access of their employees, contractors and partners and help support their regulatory compliance posture. This offers opportunities for enterprise users to be productive while introducing ways for the business to be compromised in the new era of computing. Audit and risk teams alike continue to demand answers to seemingly simple questions: Who is doing what, where and from how many points of access? Business-driven identity management with a focus on identity governance and real-time identity and access analytics can help answer these questions and enable better decision-making and detection of anomalous behavior to audit, providing enterprise-wide security risk management.

Figure 1: IBM Threat-Aware Identity and Access Management
