Taking an aggressive approach: Why security teams need to be forceful in the digitally transforming world
June 2021 by Rich Turner, SVP EMEA, CyberArk
When life ground to a halt last year and business-as-usual was no longer a viable option, digital technologies finally took centre stage. Many that have long been heralded as potential game-changers saw their rate of adoption explode during the pandemic, and rightly so, given their potential to accelerate business growth and supercharge efficiency.
This leap forward – and the shift to cloud applications in particular – may have created powerful competitive advantages, particularly when it comes to accessing data. However, it has also vastly inflated the playing field for vulnerabilities, and opened countless avenues for malicious actors, many of which will remain open for exploitation once work returns to the new, probably hybrid, normal. They are set to worsen too as devices, apps and automation bots propagate even further across the enterprise, representing an easy target for cybercriminals looking to exploit poor cybersecurity practices around nascent technologies.
This is putting even more stress on already busy IT teams, who need to take control of all forms of identity, whether they be people, devices or automated bots. IT teams need to act immediately and aggressively to mitigate this risk, and catapult identity security to the top of their overall cybersecurity strategy, and I’d like to explain why.
It’s not just a people problem
Just like humans – whether employees, partners or customers – devices, apps and bots using a network also have identities and privileges that are ripe for exploitation. The level of access and privilege afforded to every identity needs to be carefully controlled and managed in order to ensure secure, authorised access to data and applications.
While this has been the reality for some time, when digital transformation succeeds it is at a scale that compounds many of the security issues that already exist within an organisation. For example, for analytics driven by artificial intelligence (AI) to draw meaningful insights, massive amounts of data are required. This means there needs to be connectivity and communication between the many different identities across applications, devices, people and bots, and it needs to happen at scale almost instantly. If any of those identities is compromised, a malicious actor could enter an organisation’s network and use the privileges associated with that identity – whether it’s a human or not – to access what they should not be able to.
The same goes for Robotic Process Automation (RPA). While RPA increases efficiency and productivity, it also provides a new and attractive attack surface for exploitation. That’s because RPA bots are often given access to a variety of highly sensitive business applications, potentially giving attackers enormous powers should they be able to exploit them.
An increasingly complex environment
Managing this increasingly complex security environment is difficult, and organisations need to change the way they think about security – starting by taking a more aggressive approach.
The old security method, which takes the form of a fortress, no longer works. Where organisations once placed boundaries around the edge of a business with guards allowing only trusted parties, or those with the right privileges, to enter and leave, this fortress model doesn’t suit the modern digitalised, distributed environment of remote work and cloud applications. It’s just not possible to put a wall around a business that’s spread across multiple private and public clouds and on-premises locations.
This has led to the emergence of approaches like Zero Trust for access – an approach built on the idea that organisations should not automatically trust anyone or anything – and Identity Management, which recognises the scale and complexity of digital businesses.
Zero Trust demands that anyone trying to access an organisation’s system is verified, every time, before granting access on a ‘least privilege’ basis. Information about the user, endpoint, application, server, policies and all activities related to them is collected and fed into a data pool which fuels machine learning (ML). The benefit of this approach is that it automatically recognises unusual behaviours and unfamiliar machines and immediately triggers the need for additional authentication. Ultimately such applications of ML are likely to form the future of how we secure identity, and are already greatly reducing the complexity of analysis required for access controls.
Realistically, identity security represents the most effective way to bring access under control in the context of the increasing use and variety of emerging technologies. The risks of a breach are already high and this is only set to increase as attackers continue to become more sophisticated. IT teams that embrace new identity-based security approaches, and deploy technologies such as AI and ML to underpin them, will be able to rest more easily in the knowledge they have the right measures in place to help keep threat actors at bay, and can instead concentrate their efforts on ensuring security enables, not prevents, the transition to digital.