
The New Context for User Identity Management

Dec 27, 2019 | BLOG

In a world where Digital Transformation – through remote teams, Cloud, and Bring-Your-Own-Device (BYOD) – is increasingly impacting business and people’s lives, new cyber threats are emerging as challenges to organizations. One such threat is theft of user identities, which can be obtained through phishing or Social Engineering attacks, for example. 

According to the Verizon 2019 Data Breach Investigations Report, 29% of data leaks involved the use of stolen credentials. By using these credentials to access an organization’s environment, a malicious attacker can stay undetected for weeks or even months. That is because access through a stolen username and password, although improper (and even illegal), can be considered legitimate; 56% of these malicious actions took over a month to detect.

Today, we are experiencing a revolution in the device connectivity approach: people working outside the corporate environment, multiplication of connected devices, and migration of data from on-premises to cloud structures. Given this scenario, Gartner estimates that, by 2020, there will be more than 20 billion connected devices.

In this new reality, can you really trust the identity of users or the integrity of these devices?

In traditional models, where devices connected from within the organization’s environment, security approaches were based on “Trust, but verify”. Under these models, it was only necessary to protect the environment’s perimeter of trust from external threats. However, traditional means of protection such as a username and password cannot always protect the organization’s infrastructure from potential threats, which may be within the perimeter of the environment itself. Given the aspects of Digital Transformation, this perimeter of trust no longer exists, so trust can no longer be assumed: all actions must be verified, even if something has been requested or performed by a theoretically reliable user.

In this situation, the goal of a Privileged Access Management (PAM) solution is to perform centralized access management through the control, storage, segregation, and tracking of all environment access credentials. With this type of solution, one can ensure that the access is actually being performed by a user and that the user is allowed to perform it. Thus, Zero Trust-based approaches have emerged not only to ensure that access is granted to verified individuals but also to verify that user actions comply with the organization’s access policies.

That said, what aspects and features of user identity verification can be associated with Zero Trust?

The first of these features is Single-Sign-On: in Zero Trust-based environments, users can use only one credential (or an identity provider) to authenticate to any application installed in the environment. senhasegura, as a PAM solution, provides single-sign-on access to a range of devices including Windows servers, VMware, databases, SSH-based devices such as Unix, Linux, routers and switches, and web applications. One can also authenticate to senhasegura with a user configured in directory services such as Active Directory and LDAP, in addition to GoogleID.

Another important aspect associated with Zero Trust is multi-factor authentication (MFA). By using it to authenticate or perform actions on senhasegura, one can add an extra layer of protection for the user. In this case, in addition to the username and password, a code generated by an access token is required to verify the user’s identity.

As mentioned, just verifying the user’s identity is not enough. Behavior analysis is required, through ongoing assessment and monitoring of actions taken in the environment, to identify potential non-compliance. In this context, abnormal accesses, access time, and resources used are some of the aspects that should be considered when making access decisions. It is worth mentioning that Zero Trust-based models do not necessarily involve simply allowing or blocking access. Identity, service, application, data, and system policies can be set for the organization’s own employees, third parties, and vendors.

In practice, access policies may allow “always verify” and “always monitor” actions for third party and vendor identities. Thus, the “always verify” policy may require multi-factor authentication, for example, while an “always monitor” policy may require auditing and monitoring of all activities in the environment. Employee classifications can be adaptive, based on the type of data accessed.

senhasegura allows user session analysis based on behavioral history, as well as the identification of suspicious accesses or queries by a range of criteria, such as the number of accesses, unusual time, unknown source, or atypical duration. One can configure a list of commands and suspicious behaviors in the environment according to risk level; whenever they are identified, alerts are raised and consolidated in a graphical dashboard. Thus, the Information Security team can take immediate action if necessary.
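To make the four criteria above concrete, the following added example (not senhasegura's code, and not how the product implements its analysis) scores a new session against a per-user baseline built from past sessions. The record layout, the thresholds, the risk mapping and the session data are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime
from statistics import mean, pstdev

# Constructed session history: (user, start time, source IP, duration in minutes)
HISTORY = [
    ("vendor01", "2019-12-02T09:10", "198.51.100.7", 22),
    ("vendor01", "2019-12-03T10:05", "198.51.100.7", 25),
    ("vendor01", "2019-12-04T09:40", "198.51.100.8", 30),
    ("vendor01", "2019-12-05T11:15", "198.51.100.7", 20),
    ("vendor01", "2019-12-06T10:30", "198.51.100.7", 28),
    ("vendor01", "2019-12-06T14:00", "198.51.100.8", 25),
]

def build_baseline(history, user):
    """Summarize a user's past sessions; None if the user has no history."""
    rows = [r for r in history if r[0] == user]
    if not rows:
        return None
    durations = [r[3] for r in rows]
    return {
        "hours": {datetime.fromisoformat(r[1]).hour for r in rows},
        "sources": {r[2] for r in rows},
        "dur_mean": mean(durations),
        "dur_sd": max(pstdev(durations), 1.0),  # floor avoids a zero-width band
        "max_per_day": max(Counter(r[1][:10] for r in rows).values()),
    }

def assess(session, baseline, sessions_today):
    """Return (findings, risk_level) for one new session (assumed thresholds)."""
    if baseline is None:
        return ["no behavioral history"], "high"
    _, start, source, duration = session
    hour = datetime.fromisoformat(start).hour
    findings = []
    if sessions_today > 2 * baseline["max_per_day"]:
        findings.append("number of accesses")
    # Circular distance so 23:00 and 00:00 count as adjacent hours.
    if min(min((hour - h) % 24, (h - hour) % 24) for h in baseline["hours"]) > 1:
        findings.append("unusual time")
    if source not in baseline["sources"]:
        findings.append("unknown source")
    if abs(duration - baseline["dur_mean"]) > 3 * baseline["dur_sd"]:
        findings.append("atypical duration")
    risk = "low" if not findings else "medium" if len(findings) == 1 else "high"
    return findings, risk

if __name__ == "__main__":
    base = build_baseline(HISTORY, "vendor01")
    print(assess(("vendor01", "2019-12-09T10:20", "198.51.100.7", 27), base, 1))
    print(assess(("vendor01", "2019-12-09T03:12", "203.0.113.50", 190), base, 1))
```

A user with no history is treated as high risk rather than silently passing, since there is no baseline to compare against.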

The last aspect of Zero Trust-based identity is the principle of least privilege, which is strongly associated with managing user roles. The principle of least privilege states that users should only have the permissions to access data, applications, and general assets that are required for the tasks they perform. Therefore, user access permissions should be well defined and carefully checked. The Information Security team should identify users with improper access and adjust their permissions. By defining and configuring Access Groups on senhasegura, one can segregate roles and configure pre-approved and emergency access, or access through workflows with single or multiple approvals, without the user having access to the credential’s password.

With the expansion of mobile devices, remote teams and the use of cloud-based solutions, organizations are facing a new reality: the elimination of the security perimeter and the concept of internal and external threats. Misuse of credential privileges can cause considerable damage to organizations. Taking into account the functionality of a PAM solution, it is possible to grant, manage, monitor, revoke and audit access to critical systems through privileged credentials. 
