Five Trends That Are Driving The Need For Identity and Access ManagementJames Evans
Fifteen years ago, Identity and Access Management (IAM) was relatively simple; employees would work on the premises using a desktop PC that had been set up and configured by the IT department. Only those who had a login could gain access, and if you weren’t on the premises it was a lot harder to gain access to valuable corporate resources.
Fast-forward to today and security breaches of corporate IT networks are rarely out of the news. So far in 2015 we’ve seen large security breaches hit the financial, healthcare and higher-education markets, with high profile targets including Harvard University and the Office of Personnel Management.
So what has changed to make organizations so much more vulnerable today?
Below, we’ve identified five trends that are pushing the need for businesses to invest in their security, and in anIdentity and Access Management solution in particular:
The Consumerization of IT
As computers have become increasingly affordable and portable, more and more consumers have invested in them, to the extent that most households now have several. Employees now expect to access corporate information through these personal devices so that they can continue to work outside of the office.
Many businesses have embraced a “Bring Your Own Device” (BYOD) philosophy, actively encouraging employees to use personal devices to save the business money purchasing hardware.
The result is that employees are accessing corporate resources through more devices than ever before, utilizing their personal laptops, tablets and smartphones as work devices. Research by Gartner suggests that employees currently use an average of three different devices in their daily work routine but that this is expected to rise to five in the near future[i].
With proper security, the ability of an employee to access network resources through any device can increase both productivity and employee satisfaction. However, without a proper IAM solution, allowing access from any device can also make it easier for someone outside the business to gain access to valuable intellectual property.
The devices used by employees to access corporate resources now include laptops, mobiles, tablets and more. This increase in mobility can help employees work easier, for longer, and from a variety of locations. But it also increases their vulnerability.
Small devices like smartphones and tablets are easy to lose, and are a frequent target for thieves. Without proper Identity and Access Management, a lost or stolen phone or tablet represents a significant threat to company security. Through that stolen device someone could access business resources saved on it, or even access the corporate network.
IAM software can significantly decrease this risk by allowing enterprises to deactivate access for specific devices and usernames quickly and easily in the event of a problem.
These mobile devices aren’t just accessing the corporate network. As the devices used are often personally owned it is just as likely they will be used to browse the internet and access a wide range of apps across both home and unsecured public wireless connections.
This significantly increases the exposure of these devices to potentially risky situations. Public wireless puts them at increased risk of being hacked while numerous apps can give away third-parties access to many resources on the phone itself. If this phone also holds or has access to corporate data then there is a significant risk of exposure.
Cyber-crime is a growing industry and is likely to continue growing for many years to come. The statistics clearly show how large this problem has become:
- McAfee estimate that the likely overall cost of cybercrime, annually, is currently more than $400 billion[ii].
- The average cost of a breach in corporate security by cybercriminals is now $3.8 million, an increase of 23% since 2013[iii].
- A recent report on enterprise security found that 90% of the organizations surveyed had at least one damaging breach of their security within the last 12 months[iv].
Without knowing and controlling who is accessing your corporate data, you are making it that much easier for cyber-criminals to steal your intellectual property. The potential cost of cyber-crime to your organization spirals when you consider the potential lawsuits, fines for non-compliance, and loss of reputation that a breach might trigger.
Increased Sophistication of Password Crackers
The passwords that your employees choose are rarely strong enough to resist the brute-force systems employed by criminals today. Passwords are often too short, too obvious, and re-used far too often.
For businesses this can be a serious problem because even if their security is relatively tight, other organizations may not be so careful. If an employee repeats a password on another, third-party system, and that system is compromised, then the business can soon find its own security compromised. Password repetition is common because most individuals struggle to remember more a few unique passwords.
This danger can be mitigated by using anIdentity and Access Management service that manages your user’s business passwords for them, ensuring the user has a different, highly-secure password for each login, without requiring them to remember every single one.
Identity and Access Management Made Simple
Onion ID is a cloud-based, Software-as-a-Service (SaaS) identity and access management solution that allows your business to control and secure access to all of your business’s servers and containers.
Onion ID allows you to manage your employee’s credentials easily, ensuring every password is unique and secure and ensuring that your business is compliant with HIPAA, SOX, PCI, FedRamp and more.
Would you like to protect your organization better? Sign up to the OnionID newsletter today to learn more.
[i] Gartner.com – Gartner Says Demand for Enterprise Mobile Apps Will Outstrip Available Development Capacity Five to One – http://www.gartner.com/newsroom/id/3076817
[ii] McAfee.com – Net Losses: Estimating the Global Cost of Cybercrime – http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf
[iii] RedmondMag.com – Report: Average Data Breach Cost Rises to $3.8 million – https://redmondmag.com/articles/2015/05/28/enterprise-breaches-on-the-rise.aspx
[iv] BetaNews.com – Executives lack confidence in enterprise security – http://betanews.com/2015/08/19/executives-lack-confidence-in-enterprise-security/