Over the years, I have written a ton of content ranging from
Biometrics to Cybersecurity, with everything and anything in between. This has
resulted in the publication of 9 books and some 20 eBooks, with this group
growing quickly (thanks to KDP, it is a very easy process to get self-published).
Just in the last few months I have written some 7 whitepapers, ranging from the
CMMC to DevSecOps to Windows 365 restoration.
But there is one area I have not yet written about, and that is
the topic of Identity and Access Management (IAM). This is the field
where the organization's identities and their credentials are managed (at least in theory),
with the primary purpose of keeping these crown jewels out of the hands of the
Cyberattacker.
It is not simply a matter of assigning login credentials and telling
employees to follow your security policies; it has become much more complex
than that because of the heavy adoption of cloud platforms such as
AWS and Microsoft Azure.
Within them, there are a ton of sophisticated tools
that an organization can use to manage the identities and credentials of its
employees.
One such tool is Azure Active Directory (since renamed Microsoft Entra ID).
At the simplest level, you create user accounts, place them in groups,
and from there grant those groups access to the applications and resources they need. So,
through just one login (single sign-on), your employees are able to reach the shared
resources they need to conduct their everyday job tasks.
In fact, the concept of IAM is
now becoming a key concern in the Cyber industry, and according to a recent
study conducted by Cider Security, it is ranked as the second biggest problem
that organizations face when migrating to the cloud. More information about this
can be seen here:
But despite the suite of tools
that are available from AWS and Azure, trying to gain control of your IAM
processes can still backfire, for the following reasons:
*Businesses assume far too readily
that the IAM structure the cloud provider has to offer
will map one-to-one onto what has already been established on premises. Very often, this
is not the case, and the painstaking process of mapping out which users, groups and
permissions go where needs to happen first.
*After the migration to the cloud,
many IT Security teams feel they have lost "command and control" over
the login credentials of employees, because they were not trained beforehand
on what to expect.
*If IAM is not configured properly,
many employees will have to log in multiple times in
order to gain access to what they need. Very often, new passwords will have
to be set up, leaving the employee with dozens of them to remember, which
defeats the whole purpose of IAM altogether. This leads to huge employee
frustration, with the end result that the "Post-It Syndrome" reappears and, in
a worst-case scenario, employees download unauthorized apps.
*Accounts are not disabled after an
employee leaves the organization, leaving a working credential behind for
whoever still knows it.
*If your employees are frustrated
(as alluded to before), another problem is that they will simply start sharing
passwords once again, causing even more problems down the road, such as the
loss of accountability as to who is accessing what.
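The "leaver" and "command and control" problems above come down to knowing which accounts should still exist. As an added example (not part of the original post, and not any vendor's tooling), here is a small reconciliation in Python: it compares an HR roster against an export of the identity provider's user list and flags enabled accounts whose owner has already left, accounts with no HR record at all (orphans, typically service accounts nobody owns), and accounts with no recent sign-in. The sample data, field names and the 90-day threshold are constructed assumptions; in practice the two inputs would come from the HR system and from the identity provider (for Azure AD, the Microsoft Graph users API).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample data. Field names are an assumption for this example,
# not any vendor's schema.
HR_ROSTER = [
    {"email": "alice@example.com", "status": "active"},
    {"email": "bob@example.com", "status": "terminated", "end_date": "2024-02-15"},
    {"email": "carol@example.com", "status": "active"},
    # Dave has resigned but his leaving date is still in the future.
    {"email": "dave@example.com", "status": "terminated", "end_date": "2024-04-01"},
]

IAM_USERS = [
    {"upn": "Alice@example.com", "enabled": True, "last_sign_in": "2024-03-01T09:12:00Z"},
    {"upn": "bob@example.com", "enabled": True, "last_sign_in": "2024-02-14T17:40:00Z"},
    {"upn": "carol@example.com", "enabled": True, "last_sign_in": "2023-10-02T08:00:00Z"},
    {"upn": "dave@example.com", "enabled": True, "last_sign_in": "2024-03-10T11:05:00Z"},
    {"upn": "svc-backup@example.com", "enabled": True, "last_sign_in": None},
    {"upn": "erin@example.com", "enabled": False, "last_sign_in": "2023-01-05T10:00:00Z"},
]

# Fixed "today" so the sample run is reproducible.
SAMPLE_NOW = datetime(2024, 3, 15, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Finding:
    upn: str
    kind: str    # "leaver", "orphan" or "stale"
    detail: str


def _parse_ts(value):
    """ISO-8601 timestamp with a trailing Z -> aware datetime; None stays None."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _parse_date(value):
    return datetime.strptime(value, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def reconcile(hr_roster, iam_users, now, stale_after=timedelta(days=90)):
    """Return findings for enabled IAM accounts that should be disabled or reviewed."""
    by_email = {r["email"].lower(): r for r in hr_roster}
    findings = []
    for user in iam_users:
        upn = user["upn"].lower()          # case-insensitive match against HR
        if not user["enabled"]:
            continue                        # already disabled, nothing to do
        record = by_email.get(upn)
        if record is None:
            # No HR owner at all: a service account or a leaver HR never recorded.
            findings.append(Finding(upn, "orphan", "no matching HR record"))
            continue
        if record["status"] != "active":
            if _parse_date(record["end_date"]) <= now:
                findings.append(Finding(upn, "leaver",
                                        f"HR status {record['status']}, left {record['end_date']}"))
                continue
            # Leaving date still in the future: employed today, so only check staleness.
        last = _parse_ts(user["last_sign_in"])
        if last is None or now - last > stale_after:
            findings.append(Finding(upn, "stale",
                                    f"no sign-in in the last {stale_after.days} days"))
    return findings


def disable_plan(findings):
    """Split findings into accounts to disable now (leavers) and accounts to review with an owner."""
    disable = sorted(f.upn for f in findings if f.kind == "leaver")
    review = sorted(f.upn for f in findings if f.kind != "leaver")
    return disable, review


def sample_findings():
    return reconcile(HR_ROSTER, IAM_USERS, SAMPLE_NOW)


if __name__ == "__main__":
    found = sample_findings()
    for f in found:
        print(f"{f.kind:7} {f.upn}: {f.detail}")
    to_disable, to_review = disable_plan(found)
    print("disable now:", to_disable)
    print("review with owner:", to_review)
```

Leavers are the only class that can be disabled automatically; orphans and stale accounts still need a human to confirm there is no legitimate owner, which is why the plan keeps them separate. Running this on a schedule, and feeding the "disable now" list back into the identity provider, is the check that keeps departed employees' credentials from lingering.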
My Thoughts On This:
Just as much as you need to
create a rock-solid Cybersecurity Policy in general, you need to create the same
thing for your IAM platform. Take a cut of the cloud platform that
you intend to build and see how well your IAM policies fit into it. In other
words, create a sandbox-like environment first, and test there to
make sure all is well before you release your IAM policies into the production
environment.
Second, don't let the security
tools that are available in AWS or Azure dictate your cloud migration. They are
only there to help you, so that you don't have to spend extra $$$ upgrading
your own security tools. Rather, you need to figure out how those tools fit
into your IAM environment. I know that Azure has an entire security center full
of features, but it is up to you to figure out what you really need and how it
will fit in.
Third, make IAM one of your first
priorities in anything you do that relates to your IT and Network Infrastructure.
Both the authentication and Cyber threat landscapes are becoming extremely
dynamic and complex, so by staying on top of your IAM needs and objectives,
you will leave fewer backdoors behind for the Cyberattacker to penetrate.
Fourth, whatever tools you use
(for example in Azure), make sure that you configure them to your own requirements.
Never rely upon the default settings!
Fifth, managing an IAM platform
is not as easy as you might think. It can become quite complex, depending upon the size
of your organization and the kind of cloud deployments that you intend
to have. So don't be afraid to ask for help. This is where the role of the Cloud
Services Provider (CSP) can be of immense help. Not only can they help you with
your configurations, they can manage them for you as well, so that you stay
focused on what is most important to you:
running your business.