Why identity is the new perimeter in a post-COVID world
After the chaos of 2020, this year has been a period of recovery for the business world. Most enterprises are now realigning their strategies around remote working, with survey research revealing that few employees want to return to the office full-time.
Recognising that each individual can function as a mobile office, offering flexible working and focusing on value-based work over time-based work is now essential for recruiting and retaining staff, says Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify.
But this greater flexibility has also created an expanded attack surface that is more vulnerable to cyber threats. A diffused network and scattered remote workforce make it easier for a threat actor to infiltrate the organisation with stolen credentials, and a single compromised account can quickly escalate into a serious breach.
Against this threat, organisations must ensure that their security strategy has evolved with the rest of their IT infrastructure and is prepared for a post-COVID world.
Why should businesses reassess their security perimeter?
For many years, the traditional approach to cybersecurity has centred on a secure perimeter: a castle wall designed to keep adversaries out. However, the network has extended beyond the perimeter and attackers are using more identity-based tactics. A castle wall is no defence at all if an attacker can simply steal a key and walk through the gate.
This means identity is the new perimeter and access has become the main security control. However, there are still many firms with one foot stuck in the past, usually locked down by limited budgets and the baggage of legacy infrastructure and technical debt.
Legacy solutions are also failing to protect privileged accounts that have advanced access rights and administration capabilities. These accounts are the main priority for any serious cybercriminal as they grant access to a wide range of assets and powers, including the ability to access and alter sensitive material, and erase logs to cover their tracks.
Why weak passwords are a serious threat
Serious security incidents almost always start with stolen login credentials. Last year’s SolarWinds attack was particularly infamous for its insidious supply chain tactics and choice of high-level governmental targets. But all of this was made possible with compromised credentials. This capability enabled the attackers to insert malware into the Orion software update and approve it for shipping.
A security strategy based on passwords manually created and managed by human users results in weak, default, or re-used passwords that are easily stolen or brute-forced. Even privileged account details are often shared across insecure channels such as email, the digital equivalent of the post-it on the monitor.
Keeping secure in this dispersed, perimeter-less environment means moving beyond old manual methods and implementing an automated approach that can keep pace with agile cloud-based environments.
What are the biggest security priorities ahead?
Effectively managing cyber risk today demands an intelligent, adaptive approach that balances security against usability. Organisations must move away from both outwards-facing perimeter-based strategies, and inefficient manual processes that are low-hanging fruit for threat actors.
Traditional security strategies have often been highly siloed, with organisations investing in multiple best-of-breed solutions but not enabling them to communicate with each other. In today’s highly complex, cloud-centric world, this approach will create blind spots that can be exploited by attackers.
Organisations must evaluate their current stack and focus on integrating solutions wherever possible to create a single, centralised point of control. Future investments should also focus on interoperability in order to create a defence-in-depth strategy with multiple solutions working together, sharing threat intelligence to adapt to future threats.
One of the greatest challenges in securing the modern IT environment is the need to balance security against usability. Solutions and processes cannot afford to slow down or obstruct legitimate users, particularly with so many working remotely.
Authentication, authorisation, monitoring and all other secure access processes need to be as frictionless as possible, guided by automated policies that can apply risk-based rules that adapt to the situation.
Ideally, all of an organisation’s security solutions and processes should be working in harmony like a finely tuned orchestra. The key to keeping an orchestra in sync is a good conductor, in this case a privileged access management (PAM) solution. PAM enables the security team to manage and secure credentials across the entire organisation, fine-tuning everything for a perfect fit. This removes the risk posed by manually creating and managing passwords, and ensures that all applications across the infrastructure are in sync and working smoothly.
As organisations plan for the future, they must move on from traditional, static perimeters that only guard against the threats of the past. Focusing on interoperability, automation and orchestration will not only mitigate the risk of a threat actor exploiting stolen credentials, but provide a frictionless experience that allows the workforce to fully benefit from a cloud-based, remote-ready environment.
The author is Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify.