Most recent cyberattacks have utilized stolen user credentials that allowed the attackers through their victims’ virtual front door. Getting through the front door should not be this easy, but recent IT trends make managing access increasingly complex.

Two trends are responsible. First, as business has become more digital, the number of applications has grown, and different groups of users — for example, employees, contractors, customers and business partners — were given their own access controls, often built into individual applications. Second, the adoption of mobile and cloud computing has blurred previously distinct enterprise boundaries, resulting in separate mobile- and cloud-focused access controls.

This has left organizations with fragmented, heterogeneous access management systems and difficulty establishing uniform, intelligent security policies. In short, it has made them an easier target for potential attackers.

What You Need to Guard the Front Door

Fortunately, all is not lost. Access management technologies have evolved to address the complexity that many organizations face today. A robust, centralized access management platform must have three key characteristics.

1. Mobile

It is not sufficient to have strong access controls that only work for one type of interaction, such as Web browsers or a single application. Users are accessing sensitive IT systems from mobile phones, tablets and smart devices, and a growing API ecosystem is making it easier for developers to create rich user experiences across platforms.

To increase security and enable centralization, an access management platform must be able to create and enforce policies in each of these settings, or attackers will quickly exploit the weak links.

2. Risk-Based Access Controls

Usernames and passwords alone provide insufficient security. Intelligently analyzing additional context about the user’s interaction to determine a level of risk and taking action accordingly can greatly improve security outcomes.

What does this look like in practice? If a user who usually logs in from one device logs in from a new device, he or she can be prompted for an additional factor of authentication. Or certain types of sensitive actions (fund transfers, for instance) might only be permitted if a user is connected directly to the corporate network and on a device in compliance with corporate security standards.

This kind of intelligence not only increases security, but also improves the end user experience because the context is evaluated transparently in the background and only disrupts the user’s activity if the risk is high.
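
The two rules described above can be expressed as a small policy decision function. This is an added illustration, not ISAM policy syntax or IBM code; the names `AccessRequest`, `CORPORATE_NETS`, `SENSITIVE_ACTIONS` and `decide`, and the sample network range, are assumptions made for the example.

```python
# Added illustration of a risk-based access decision; all names are hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"

# Constructed sample value: a private range standing in for the corporate network.
CORPORATE_NETS = [ip_network("10.20.0.0/16")]
SENSITIVE_ACTIONS = {"fund_transfer"}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_id: str
    source_ip: str
    action: str
    device_compliant: bool
    mfa_completed: bool = False


def on_corporate_network(source_ip: str) -> bool:
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False  # unparseable context is treated as untrusted
    return any(addr in net for net in CORPORATE_NETS)


def decide(req: AccessRequest, known_devices: dict[str, set[str]]) -> str:
    # Rule 1: sensitive actions need the corporate network AND a compliant device.
    if req.action in SENSITIVE_ACTIONS:
        if not (on_corporate_network(req.source_ip) and req.device_compliant):
            return DENY
    # Rule 2: a device not yet seen for this user triggers a second factor.
    if req.device_id not in known_devices.get(req.user, set()):
        if not req.mfa_completed:
            return STEP_UP
        # Remember the device only after the additional factor succeeded.
        known_devices.setdefault(req.user, set()).add(req.device_id)
    return ALLOW
```

A user on a known device doing routine work is never interrupted; only the new-device and sensitive-action paths change the outcome.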

3. Federation

Cloud-delivered software-as-a-service (SaaS) applications can boost productivity and reduce costs. Business partners can achieve new levels of efficiency and collaboration by granting each other’s users access to their applications. However, these relationships create a serious access management challenge as security administrators attempt to maintain synchronized and current user lists across systems. In some cases, cross-domain user administration is completely impossible.

An access management platform that includes support for federated access allows users to bring their identity with them from their organization or a social identity provider (e.g., Google, Facebook). When federation is an integral part of access management, security administrators can extend the benefits of mobile and risk-based access control to users accessing cloud applications. In addition, users can authenticate once for both enterprise-hosted and cloud applications, saving time and multiple-password frustration.

Finding a Solution

By deploying a centralized access management platform that supports mobile access, risk-based access and identity federation, organizations can untangle the web of access technologies that has evolved over time. They can confidently reestablish user access as a key security control and, in the process, enhance user experience by reducing authentication interruptions and increasing user productivity.

Strong, centralized, intelligent access management helps shut the door on attackers.

IBM has recently announced a new version of its access management platform, IBM Security Access Manager (ISAM). It helps organizations take back control of access management.

Register for the Oct. 22 webinar to learn more about IBM Security Access Manager.
