In the first half of 2017 alone, the volume of cyber-attacks doubled compared to the same period just one year earlier. There is no doubt that the security threat to businesses is growing; cyber crime is rarely out of the news. With upcoming legislation, such as the EU GDPR (General Data Protection Regulation) or the Payment Services Directive (PSD 2), coming into force, organisations will have to prove they are making every effort to protect data, providing clear audit trails of what is accessed, when and by who. Whether you’re just starting out, or are looking to improve your existing access management strategy, the following five considerations are key in 2018.
1. Simplify your infrastructure by consolidating access management technology
Often, organisations have multiple solutions in place to manage strong and adaptive authentication, Web Access Management, Mobile Access Management, Enterprise Single Sign-On (ESSO), and Identity Federation. There is little technology available that enables organisations to manage all of these systems from a single platform. Using a number of disparate access management solutions can be problematic and provide a splintered view of user access.
To best ensure access is secure and properly regulated, it’s important to have a single and reliable view of all user access across all access points. Single platforms produce a clear audit trail, which is much simpler to control and manage. Employees are able to clearly see their rights, and managers are better equipped to control access and determine entitlements for employees.
2. Be aware of who has access to sensitive data and applications
More employees are working remotely, yet they still demand quick and easy access to applications they would have in the office. This extension of applications outside of organisations may present problems when managing user access. A lack of control over access to sensitive applications from internal and external users can result in critical data loss, security breaches and the disclosure of confidential information.
To maintain compliance with legislation such as GDPR, organisations will need to show they hold personal data securely in terms of accessibility and encryption. This also means knowing exactly who is able to access this data.
3. Enable your workforce to work securely on any device
Bring Your Own Device (BYOD) and the use of mobile devices is fast becoming the norm. Deployment of these devices can often cause headaches for IT security managers, as well as employees wishing to use mobile devices efficiently. Increasing demands from the business means that mobile devices need to be fully supported to enable employees to access the network securely. Not being able to provide a high level of security across all devices used to access sensitive information is a major security risk.
4. Keep access traceability of a constantly changing workforce
Organisations are always going through workforce changes. Managing the movement of staff and the necessary changes to entitlements can present a challenge that is often overlooked. Not being able to manage these changes quickly and effectively can lead to dormant accounts being left open – an easy way for cyber criminals to gain access to sensitive data.
5. Increase authentication and bring single sign-on to end-users
Access can be managed through a range of methods; passwords, ID and additional forms of identification can often be required. It can be difficult for individuals to use different access methods for each application and having to remember multiple passwords. The confusion can lead to a security breach, with people using overly simple passwords, writing them down or constantly changing them. This flawed approach increases the risk for organisations and means they are unable to enforce strict IT security policies, as well as increasing pressure on the IT department.
Access management should be a key consideration for all organisations in 2018. The implications of not having a secure and comprehensive solution in place can have severe consequences, as we have seen time and time again in security breaches reported throughout 2017. Having a comprehensive access management system in place not only eliminates this as a concern, but means your employees can work freely and efficiently, without having to worry about a complex sign on process differing across each device.
Read the full paper: Five Key Access Management Considerations to Consider in 2018