February 19, 2015 By Ravi Srinivasan 2 min read

IBM InterConnect 2015 is right around the corner. This is always an opportunity for organizations from around the world to share, collaborate and recommend strategies to secure the new era of computing. This year, chief information security officers and identity and access management (IAM) leaders are turning their attention to the digital identity as a security weak link and, specifically, the human interactions across the enterprise and in the cloud. Many organizations are embarking on bring-your-own-digital-identity strategies, while others are relying on silos of enterprise identities and context awareness to secure authorized access to enterprise applications and data on a need-to-know basis. Organizations need to evolve their IAM infrastructure to secure authorized access to their crown jewels that reside in the distributed and mainframe environments while enabling themselves to leverage the new era of the cloud and mobile computing.

At this year’s conference, IBM will share the evolving threat landscape and the following three key considerations to strengthen IAM programs in 2015:

1. Digital Identity Needs to Become a Security Control

By compromising an authorized user’s digital identity and intruding upon his or her access with common vulnerabilities and attacks, attackers gain the quickest path to the enterprise’s crown jewels: data. Today’s Web access management systems authenticate and authorize user access while letting the Web content flow through without security checks. In order to defend the enterprise against targeted attacks and session takeovers, Web access management systems need to evolve to become aware of security threats and vulnerabilities. They cannot turn a blind eye.

2. Identity Context Is Essential for Fraud and Insider Threat Prevention

The rapid cloud, mobile and social transformations continue to erode the traditional security perimeter as we know it. This results in multiple perimeters around the enterprise resources, business partner interactions and cloud-based services. For example, mobile employees’ extranet access resembles that of an end consumer’s access. Outsourced IT employees administer business-critical assets with privileged access from remote locations. Traditional, static access definitions need to evolve to use identity context such as user, device and transactional attributes to help ensure legitimate users have access and fraudulent user activities are prevented.

3. Identity Governance and Analytics Are Required Elements for Enterprise Risk and Compliance Management

Organizations today have siloed and customized IT-driven identity management to govern the access of their employees, contractors and partners and help support their regulatory compliance posture. This offers opportunities for the enterprise users to be productive while introducing ways for the business to be compromised in the new era of computing. Audit and risk teams alike continue to demand answers to seemingly simple questions. Who is doing what, where and from how many points of access? Business-driven identity management with a focus on identity governance and real-time identity and access analytics can help answer these questions and enables better decision-making and detection of anomalous behavior to audit, providing enterprise-wide security risk management.

Figure 1: IBM Threat-Aware Identity and Access Management

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today