Identity and access management still a concern when it comes to breaches
Enterprises are starting to take precautions to strengthen credentials
22 April, 2016
category: Corporate, Digital ID, Financial, Government, Health, Smart Cards
Hackers are still using weak credentials and identity and access management policies to gain access to systems and cause havoc.
In February, the Cloud Security Alliance released “The Treacherous Twelve: Cloud Computing Top Threats in 2016” which revealed the top concerns expressed by IT security professionals in cloud computing.
Data breaches, account hijacking, and malicious insiders all rated as top threats. The enabling of these attacks can occur because identity and access management systems aren’t scaled properly, failure to use multifactor authentication, insufficient password use, and a lack of ongoing automated rotation of cryptographic keys, passwords and certificates. As a result, these deficiencies can enable unauthorized access to data and damage to organizations and end users. It was not surprising to find that insufficient identity, credential, and access management were listed as the top vulnerabilities.
In response, the Cloud Security Alliance released the Identity Solutions: Security Beyond the Perimeter survey to address insufficient identity, credential, and access management and gain a better understanding and perception of enterprise security in the evolving IT world.
The findings from the survey were a bit mixed. Of those who reported a data breach, 22%of respondents noted that it was due to compromised credentials. Additionally, 65% of respondents indicated that the likelihood their company would experience a future breach due to compromised credentials was medium to high.
Companies embracing big data solutions also adopted more perimeter and identity security solutions.
Companies area starting to take identity and access management more seriously. Of those surveyed, 76% had internal access control policies extended to outsourced IT, vendors, and other third parties.
Single sign-on was also prevalent from web and cloud-based apps with more than 50% of those surveyed having those systems in place. Multi-factor authentication and tokens are also prevalent with 72% of respondents having those systems in place.
The full Cloud Security Alliance report can be downloaded here.