
The New Context for User Identity Management

Dec 27, 2019 | BLOG

In a world where Digital Transformation – through remote teams, Cloud, and Bring-Your-Own-Device (BYOD) – increasingly affects business and people’s lives, new cyber threats are emerging as challenges to organizations. One such threat is the theft of user identities, which can be carried out through phishing or Social Engineering attacks, for example.

According to the Verizon Data Breach Investigations Report 2019, 29% of data breaches involved the use of stolen credentials. By using these credentials to access an organization’s environment, an attacker can stay undetected for weeks or even months. That is because, although improper (and even illegal), access through a stolen username and password looks legitimate, and 56% of these malicious actions took over a month to detect.

Today, we are experiencing a revolution in how devices connect: people working outside the corporate environment, a multiplication of connected devices, and the migration of data from on-premises to cloud structures. Given this scenario, Gartner estimates that, by 2020, there will be more than 20 billion connected devices.

In this new reality, can you really trust the identity of users or the integrity of these devices?

In the traditional model, in which devices connect from within the organization’s environment, security approaches were based on the “Trust, but verify” model: it was only necessary to protect the environment’s perimeter of trust from external threats. Traditional protection means such as username and password, however, cannot protect the organization’s infrastructure from threats that are already within the perimeter. Given the aspects of Digital Transformation, this perimeter of trust no longer exists, so instead of trusting, all actions must be verified, even when requested or performed by a theoretically reliable user.

In this situation, the goal of a Privileged Access Management (PAM) solution is to perform centralized access management through the control, storage, segregation, and tracking of all credentials used to access the environment. By using this type of solution, one can ensure that access is actually being performed by a known user and that this user is allowed to do so. Zero Trust-based approaches have thus emerged not only to ensure that access is granted to verified individuals, but also to verify that user actions comply with the organization’s access policies.

That said, what aspects and features of user identity verification can be associated with Zero Trust?

The first of these features is Single Sign-On (SSO). In Zero Trust-based environments, users can use a single credential (or an identity provider) to authenticate to any application installed in the environment. senhasegura, as a PAM solution, provides single sign-on access to a range of devices, including Windows servers, VMware, databases, SSH-based devices such as Unix, Linux, routers and switches, and web applications. One can also authenticate to senhasegura with a user configured in directory services such as Active Directory and LDAP, in addition to GoogleID.

Another important aspect associated with Zero Trust is multi-factor authentication (MFA). By using it to authenticate or perform actions on senhasegura, one adds an extra layer of protection for the user: in addition to the username and password, a code generated by an access token is required to verify the user’s identity.

As mentioned, verifying the user’s identity alone is not enough. Behavior analysis is required, through ongoing assessment and monitoring of the actions taken in the environment, to identify potential non-compliance. In this context, abnormal accesses, access time, and resources used are some of the aspects that should be considered when making access decisions. It is worth mentioning that Zero Trust-based models do not necessarily involve simply allowing or blocking access. Identity, service, application, data, and system policies can be set for the organization’s own employees, third parties, and vendors.

In practice, access policies may apply “always verify” and “always monitor” actions to third-party and vendor identities. Thus, the “always verify” policy may require multi-factor authentication, for example, while an “always monitor” policy may require auditing and monitoring of all activities in the environment. Employee classifications can be adaptive, based on the type of data accessed.

senhasegura allows user session analysis based on behavioral history, as well as the identification of suspicious accesses or queries by a range of criteria, such as the number of accesses, unusual time, unknown source, or atypical duration. One can configure a list of commands and suspicious behaviors in the environment according to risk level; whenever one is identified, an alert is raised and consolidated in a graphical dashboard, so the Information Security team can take immediate action if necessary.
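To make the four session criteria named above concrete (number of accesses, unusual time, unknown source, atypical duration), here is an added example that scores each privileged session against that user's own earlier sessions. It is illustration code written for this article, not senhasegura's logic; the session records, the working-hours window, the daily limit, the z-score threshold and the minimum history size are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed session records (user, ISO start time, source IP, minutes);
# the 03:15 "alice" row and the 12-04 "bob" burst are the planted anomalies.
SESSIONS = [
    ("alice", "2019-12-02T09:12:00", "10.0.1.10", 35),
    ("alice", "2019-12-03T10:05:00", "10.0.1.11", 42),
    ("alice", "2019-12-04T08:50:00", "10.0.1.10", 30),
    ("alice", "2019-12-05T11:20:00", "10.0.1.10", 38),
    ("alice", "2019-12-06T09:40:00", "10.0.1.11", 33),
    ("alice", "2019-12-07T03:15:00", "203.0.113.7", 240),
    ("bob", "2019-12-04T13:30:00", "10.0.2.20", 22),
    ("bob", "2019-12-04T13:55:00", "10.0.2.20", 18),
    ("bob", "2019-12-04T14:20:00", "10.0.2.20", 21),
    ("bob", "2019-12-04T14:45:00", "10.0.2.20", 23),
]

WORK_HOURS = range(7, 20)   # assumed: 07:00-19:59 is a usual access time
DAILY_ACCESS_LIMIT = 3      # assumed: a 4th session in one day is unusual
DURATION_Z = 2.0            # assumed: std devs above the user's mean length
MIN_HISTORY = 3             # baseline rules need this many prior sessions


def flag_session(session, history):
    """Return the criteria one session trips, given that user's prior sessions."""
    _, start, src, minutes = session
    reasons = []
    if datetime.fromisoformat(start).hour not in WORK_HOURS:
        reasons.append("unusual time")
    if len(history) >= MIN_HISTORY:          # enough history for a baseline
        if src not in {h[2] for h in history}:
            reasons.append("unknown source")
        durations = [h[3] for h in history]
        mu, sigma = mean(durations), pstdev(durations)
        if sigma > 0 and (minutes - mu) / sigma > DURATION_Z:
            reasons.append("atypical duration")
    same_day = sum(1 for h in history if h[1][:10] == start[:10])
    if same_day + 1 > DAILY_ACCESS_LIMIT:
        reasons.append("number of accesses")
    return reasons


def analyze(sessions):
    """Score sessions in time order, each against that user's earlier history."""
    history, alerts = defaultdict(list), {}
    for s in sorted(sessions, key=lambda s: s[1]):
        if reasons := flag_session(s, history[s[0]]):
            alerts[(s[0], s[1])] = reasons
        history[s[0]].append(s)      # the session now becomes part of the baseline
    return alerts
```

Because each session is compared only with the sessions that preceded it, an anomalous session does not contaminate the baseline it is judged against; the returned dictionary is what a dashboard or alerting hook would consume.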

The last aspect of Zero Trust-based identity is the principle of least privilege, which is strongly associated with managing user roles. The principle of least privilege states that users should have only the permissions to access data, applications, and general assets that are required for the tasks they perform. Therefore, user access permissions should be well defined and carefully checked, and the Information Security team should identify users with improper access and adjust them. By defining and configuring Access Groups on senhasegura, one can segregate roles and configure pre-approved and emergency access, or access through workflows with single or multiple approvals, without the user ever having access to the credential’s password.

With the expansion of mobile devices, remote teams, and the use of cloud-based solutions, organizations are facing a new reality: the elimination of the security perimeter and, with it, of the distinction between internal and external threats. Misuse of credential privileges can cause considerable damage to organizations. Taking into account the functionality of a PAM solution, it is possible to grant, manage, monitor, revoke, and audit access to critical systems through privileged credentials.
