October 13, 2015 By Brian T. Mulligan 3 min read

Most recent cyberattacks have utilized stolen user credentials that allowed the attackers through their victims’ virtual front door. Getting through the front door should not be this easy, but recent IT trends make managing access increasingly complex.

First, as business has become more digital, the number of applications has grown, and different groups of users — for example, employees, contractors, customers and business partners — were given their own access controls, often built into individual applications. Second, the adoption of mobile and cloud computing has blurred previously distinct enterprise boundaries, resulting in separate mobile- and cloud-focused access controls.

This has left organizations with fragmented, heterogeneous access management systems and difficulty establishing uniform, intelligent security policies. In short, it has made them an easier target for potential attackers.

https://www.youtube.com/watch?v=MzvgJNmgCzE

What You Need to Guard the Front Door

Fortunately, all is not lost. Access management technologies have evolved to address the complexity that many organizations face today. A robust, centralized access management platform must have three key characteristics.

1. Mobile

It is not sufficient to have strong access controls that only work for one type of interaction, such as Web browsers or a single application. Users are accessing sensitive IT systems from mobile phones, tablets and smart devices, and a growing API ecosystem is making it easier for developers to create rich user experiences across platforms.

To increase security and enable centralization, an access management platform must be able to create and enforce policies in each of these settings, or attackers will quickly exploit the weak links.

2. Risk-Based Access Controls

Usernames and passwords alone provide insufficient security. Intelligently analyzing additional context about the user’s interaction to determine a level of risk and taking action accordingly can greatly improve security outcomes.

What does this look like in practice? If a user who usually logs in from one device logs in from a new device, he or she can be prompted for an additional factor of authentication. Or certain types of sensitive actions (fund transfers, for instance) might only be permitted if a user is connected directly to the corporate network and on a device in compliance with corporate security standards.

This kind of intelligence not only increases security, but also improves the end user experience because the context is evaluated transparently in the background and only disrupts the user’s activity if the risk is high.
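The two rules described above, as an added example that is not from the original article or from any IBM product: a small Python policy check that asks for a second factor when the device is unfamiliar and refuses sensitive actions unless the request comes from the corporate network on a compliant device. The network range, device IDs, action names and function names are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# All values below are assumptions constructed for illustration.
CORPORATE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
SENSITIVE_ACTIONS = {"fund_transfer"}
KNOWN_DEVICES = {"alice": {"laptop-01"}, "bob": {"phone-07"}}  # devices seen before

@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_id: str
    source_ip: str
    device_compliant: bool
    action: str = "login"

def on_corporate_network(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # an unparseable address is treated as off-network
    return any(addr in net for net in CORPORATE_NETS)

def evaluate(req: AccessRequest) -> str:
    """Return 'deny', 'step_up' or 'allow' for a single request."""
    # Sensitive actions are gated on network location and device posture.
    # This is checked first so that a second factor cannot override it.
    if req.action in SENSITIVE_ACTIONS:
        if not (on_corporate_network(req.source_ip) and req.device_compliant):
            return "deny"
    # An unfamiliar device triggers an additional authentication factor.
    if req.device_id not in KNOWN_DEVICES.get(req.user, set()):
        return "step_up"
    return "allow"  # low risk: the user is not interrupted

# Constructed sample requests covering each branch of the policy.
SAMPLE = [
    AccessRequest("alice", "laptop-01", "203.0.113.9", True),
    AccessRequest("alice", "tablet-99", "203.0.113.9", True),
    AccessRequest("alice", "laptop-01", "203.0.113.9", True, "fund_transfer"),
    AccessRequest("alice", "laptop-01", "10.20.4.7", True, "fund_transfer"),
    AccessRequest("alice", "laptop-01", "10.20.4.7", False, "fund_transfer"),
    AccessRequest("bob", "tablet-12", "10.20.4.7", True, "fund_transfer"),
]

def decide_all() -> list:
    return [evaluate(r) for r in SAMPLE]

if __name__ == "__main__":
    for req, decision in zip(SAMPLE, decide_all()):
        print(f"{req.user:6} {req.action:14} {req.source_ip:12} -> {decision}")
```

Evaluating the sensitive-action gate before the device check means a request that fails the network or compliance condition is denied outright rather than offered a second-factor prompt.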

3. Federation

Cloud-delivered software-as-a-service (SaaS) applications can boost productivity and reduce costs. Business partners can achieve new levels of efficiency and collaboration by granting each other’s users access to their applications. However, these relationships create a serious access management challenge as security administrators attempt to maintain synchronized and current user lists across systems. In some cases, cross-domain user administration is completely impossible.

An access management platform that includes support for federated access allows users to bring their identity with them from their organization or a social identity provider (e.g., Google, Facebook). When federation is an integral part of access management, security administrators can extend the benefits of mobile and risk-based access control to users accessing cloud applications. In addition, users can authenticate once for both enterprise-hosted and cloud applications, saving time and multiple-password frustration.

Finding a Solution

By deploying a centralized access management platform that supports mobile access, risk-based access and identity federation, organizations can untangle the web of access technologies that has evolved over time. They can confidently reestablish user access as a key security control and, in the process, enhance user experience by reducing authentication interruptions and increasing user productivity.

Strong, centralized, intelligent access management helps shut the door on attackers.

IBM has recently announced a new version of its access management platform, IBM Security Access Manager (ISAM). It helps organizations take back control of access management.

Register for the Oct. 22 webinar to learn more about IBM Security Access Manager.
