
The New Context for User Identity Management

Dec 27, 2019 | BLOG

In a world where Digital Transformation – through remote teams, Cloud, and Bring-Your-Own-Device (BYOD) – is increasingly impacting business and people’s lives, new cyber threats are emerging as challenges to organizations. One such threat is the theft of user identities, obtained for example through phishing or social engineering attacks.

According to the Verizon Data Breach Investigations Report 2019, 29% of data leaks involved the use of stolen credentials. By using these credentials to access an organization’s environment, a malicious attacker can stay weeks or even months undetected. That is because access through a stolen username and password, although improper (and even illegal), looks like legitimate access to the systems involved; the same report found that 56% of these malicious actions took over a month to detect.

Today, we are experiencing a revolution in how devices connect: people working outside the corporate environment, a multiplying number of connected devices, and the migration of data from on-premises infrastructure to the cloud. Given this scenario, Gartner estimates that, by 2020, there will be more than 20 billion connected devices.

In this new reality, can you really trust the identity of users or the integrity of these devices?

In the traditional model, in which devices are connected inside the organization’s own environment, security approaches were based on “Trust, but verify”. In that model, it was only necessary to protect the perimeter of trust around the environment from external threats. Traditional protection measures such as username and password, however, cannot protect the organization’s infrastructure from threats that are already inside that perimeter. With Digital Transformation, the perimeter of trust no longer exists at all, so trust gives way to verification: every action must be verified, even when it is requested or performed by a theoretically reliable user.

In this context, the goal of a Privileged Access Management (PAM) solution is to centralize access management through the control, storage, segregation, and tracking of all credentials used to access the environment. With such a solution, one can ensure that an access is actually being performed by a specific user and that this user is allowed to perform it. Zero Trust-based approaches have thus emerged not only to ensure that access is granted to verified individuals but also to verify that user actions comply with the organization’s access policies.

That said, what aspects and features of user identity verification can be associated with Zero Trust?

The first of these features is Single Sign-On (SSO): in Zero Trust-based environments, users can use a single credential (or an identity provider) to authenticate to any application installed in the environment. senhasegura, as a PAM solution, provides single sign-on access to a range of devices, including Windows servers, VMware, databases, SSH-based devices such as Unix, Linux, routers and switches, and web applications. One can also authenticate on senhasegura through users configured in directory services such as Active Directory and LDAP, as well as through GoogleID.

Another important aspect associated with Zero Trust is multi-factor authentication (MFA). Using it to authenticate or perform actions on senhasegura adds an extra layer of protection for the user: in addition to the username and password, a code generated by an access token is required to verify the user’s identity.
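The second factor described above is usually a time-based one-time password (TOTP, RFC 6238) produced by a hardware or app token. The following added example (not senhasegura’s code, and not part of the original post) implements the RFC 4226/6238 code derivation with only the standard library and shows a login that succeeds only when both the password and the token code check out. The key is the published RFC test-vector key, so the codes can be checked against the RFCs; the user record, salt and password are constructed for the demo.

```python
import hashlib
import hmac
import struct

STEP = 30    # TOTP time step in seconds
DIGITS = 6   # code length
WINDOW = 1   # accept +/- one step of clock drift between token and server

# Key from the RFC 4226 / RFC 6238 test vectors; a constructed demo value,
# not a real user's secret.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time, step=STEP):
    """RFC 6238 TOTP: HOTP with the counter set to floor(time / step)."""
    return hotp(secret, unix_time // step)


def verify_totp(secret, submitted, unix_time, window=WINDOW):
    """True if the submitted code matches the current step or one within the drift window."""
    counter = unix_time // STEP
    matched = False
    for delta in range(-window, window + 1):
        # compare every candidate (no early return) and use a constant-time comparison
        if hmac.compare_digest(hotp(secret, counter + delta), submitted):
            matched = True
    return matched


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: one user with a salted PBKDF2 hash and a TOTP secret.
_ALICE_SALT = b"constructed-demo-salt-alice"
USERS = {
    "alice": {
        "salt": _ALICE_SALT,
        "pw_hash": hash_password("correct horse battery staple", _ALICE_SALT),
        "totp_secret": DEMO_SECRET,
    },
}


def login(username, password, code, unix_time):
    """Both factors are evaluated before the decision, so a wrong password leaks no timing hint
    about whether the code would have been accepted."""
    record = USERS.get(username)
    if record is None:
        return False
    password_ok = hmac.compare_digest(hash_password(password, record["salt"]), record["pw_hash"])
    code_ok = verify_totp(record["totp_secret"], code, unix_time)
    return password_ok and code_ok


if __name__ == "__main__":
    now = 59  # RFC 6238 test instant; in practice int(time.time())
    print("code at t=59:", totp(DEMO_SECRET, now))
    print("login with both factors:", login("alice", "correct horse battery staple", totp(DEMO_SECRET, now), now))
    print("login with password only:", login("alice", "correct horse battery staple", "000000", now))
```

The drift window is the usual compromise between usability and replay exposure: a code is accepted for at most three 30-second steps, and a production verifier should additionally record the last accepted counter per user so the same code cannot be replayed inside that window.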

As mentioned, verifying the user’s identity alone is not enough. Behavior analysis is also required, through ongoing assessment and monitoring of the actions taken in the environment, to identify potential non-compliance. In this context, abnormal accesses, access time, and the resources used are some of the aspects that should be considered when deciding on access. It is worth mentioning that Zero Trust-based models do not necessarily involve simply allowing or blocking access. Policies for identities, services, applications, data, and systems can be set for the organization’s own employees, third parties, and vendors.

In practice, access policies may apply “always verify” and “always monitor” actions to third-party and vendor identities. The “always verify” policy may require multi-factor authentication, for example, while an “always monitor” policy may require auditing and monitoring of all activities in the environment. Employee classifications can be adaptive, based on the type of data accessed.

senhasegura allows user session analysis based on behavioral history, as well as the identification of suspicious accesses or queries by a range of criteria, such as the number of accesses, unusual time, unknown source, or atypical duration. One can configure a list of commands and suspicious behaviors in the environment according to risk level; whenever one is identified, an alert is raised and consolidated in a graphical dashboard, so that the Information Security team can take immediate action if necessary.
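To make the four criteria above concrete (number of accesses, unusual time, unknown source, atypical duration), here is an added example of behavioral scoring run over constructed access records. It is illustrative code, not senhasegura’s own engine: the log format, the 07:00-19:59 “usual hours” window, the point weights and the low/medium/high thresholds are all assumptions chosen for the demo, and the session records are made up.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample records (not real logs): timestamp, user, source IP, target
# asset, session duration in seconds. HISTORY is the behavioral baseline;
# NEW_EVENTS are the sessions evaluated against it.
HISTORY = """\
2019-12-20T09:05:00 alice 10.1.2.3 db-prod-01 1800
2019-12-20T10:15:00 alice 10.1.2.3 db-prod-01 2100
2019-12-21T09:40:00 alice 10.1.2.3 db-prod-01 1500
2019-12-22T09:55:00 alice 10.1.2.3 db-prod-02 1700
2019-12-20T14:00:00 bob 10.1.5.7 web-01 600
2019-12-21T14:30:00 bob 10.1.5.7 web-01 700
2019-12-22T14:05:00 bob 10.1.5.7 web-01 650
"""

NEW_EVENTS = """\
2019-12-23T03:12:00 alice 203.0.113.9 db-prod-01 14400
2019-12-23T14:10:00 bob 10.1.5.7 web-01 650
2019-12-23T14:11:00 bob 10.1.5.7 web-02 40
2019-12-23T22:45:00 bob 10.1.5.7 web-01 680
2019-12-23T11:00:00 carol 10.1.9.9 web-01 300
"""

USUAL_HOURS = range(7, 20)  # assumed working window: 07:00-19:59


@dataclass
class Access:
    when: datetime
    user: str
    source: str
    target: str
    duration: int


@dataclass
class Baseline:
    sources: set          # source addresses seen for this user
    mean_duration: float
    sd_duration: float
    max_per_day: int      # most sessions seen in one day


def parse_log(text):
    records = []
    for line in text.strip().splitlines():
        ts, user, source, target, duration = line.split()
        records.append(Access(datetime.fromisoformat(ts), user, source, target, int(duration)))
    return records


def build_baselines(history):
    by_user = defaultdict(list)
    for a in history:
        by_user[a.user].append(a)
    baselines = {}
    for user, accesses in by_user.items():
        durations = [a.duration for a in accesses]
        per_day = Counter(a.when.date() for a in accesses)
        baselines[user] = Baseline({a.source for a in accesses}, mean(durations),
                                   pstdev(durations), max(per_day.values()))
    return baselines


def score_access(a, base, same_day_count):
    """Score one session against the user's baseline; higher means more suspicious."""
    score, reasons = 0, []
    if a.source not in base.sources:
        score += 3
        reasons.append("unknown source")
    if a.when.hour not in USUAL_HOURS:
        score += 2
        reasons.append("unusual time")
    # the floor keeps a tiny, near-constant history from flagging every small deviation
    tolerance = max(2 * base.sd_duration, 0.25 * base.mean_duration)
    if abs(a.duration - base.mean_duration) > tolerance:
        score += 2
        reasons.append("atypical duration")
    if same_day_count > base.max_per_day:
        score += 1
        reasons.append("access count above baseline")
    return score, reasons


def risk_level(score):
    return "high" if score >= 5 else "medium" if score >= 2 else "low"


def analyse(history_text, events_text):
    baselines = build_baselines(parse_log(history_text))
    events = parse_log(events_text)
    per_user_day = Counter((e.user, e.when.date()) for e in events)
    findings = []
    for e in events:
        base = baselines.get(e.user)
        if base is None:  # a user with no history is itself worth a look
            score, reasons = 3, ["no behavioral history for user"]
        else:
            score, reasons = score_access(e, base, per_user_day[(e.user, e.when.date())])
        findings.append({"user": e.user, "when": e.when.isoformat(), "target": e.target,
                         "score": score, "level": risk_level(score), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyse(HISTORY, NEW_EVENTS):
        print(f"{f['level']:6} {f['score']:2} {f['user']:6} {f['when']} {f['target']:10} {', '.join(f['reasons'])}")
```

Run as-is, the night-time session from an address alice has never used, lasting four hours instead of her usual half hour, scores “high”, while bob’s burst of three sessions in one day produces two “medium” findings that a human should triage rather than block outright, which is the point made above about Zero Trust not reducing to allow-or-deny.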

The last aspect of Zero Trust-based identity is the principle of least privilege, which is strongly associated with managing user roles. The principle states that users should have only the permissions to access data, applications, and general assets that are required for the tasks they perform. Therefore, user access permissions should be well defined and carefully checked, and the Information Security team should identify users with improper access and adjust it. By defining and configuring Access Groups on senhasegura, one can segregate roles and configure pre-approved and emergency access, or access granted through workflows with single or multiple approvals, all without the user ever having access to the credential’s password.
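The access-group model described above is easier to reason about as code. The following added example (illustrative only, not senhasegura’s implementation) is a minimal credential broker: access is denied unless some group both contains the user and lists the target, a group is either pre-approved or requires a quorum of approvals from designated approvers (never the requester), emergency access is only possible where the group allows it and is written to the audit trail, and an opened session never hands the stored password back to the caller. Group names, members, targets and vault contents are constructed for the demo.

```python
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccessGroup:
    name: str
    members: frozenset
    targets: frozenset              # credentials/assets this group may use
    required_approvals: int = 0     # 0 means pre-approved access
    approvers: frozenset = frozenset()
    allow_emergency: bool = False   # emergency access skips approvals but is always audited


@dataclass
class Request:
    id: str
    requester: str
    target: str
    group: str
    emergency: bool = False
    approvals: set = field(default_factory=set)


class AccessBroker:
    def __init__(self, groups, vault):
        self.groups = {g.name: g for g in groups}
        self._vault = vault   # target -> password; private, never returned to callers
        self.requests = {}
        self.audit = []       # (event, actor, target, detail)

    def _group_for(self, user, target):
        """Deny by default: only a group that lists both the user and the target grants access."""
        for g in self.groups.values():
            if user in g.members and target in g.targets:
                return g
        return None

    def request_access(self, user, target, emergency=False):
        g = self._group_for(user, target)
        if g is None:
            self.audit.append(("denied", user, target, "no group grants this target"))
            return None
        if emergency and not g.allow_emergency:
            self.audit.append(("denied", user, target, "emergency access not allowed for group"))
            return None
        req = Request(secrets.token_hex(4), user, target, g.name, emergency=emergency)
        self.requests[req.id] = req
        self.audit.append(("requested", user, target, "EMERGENCY" if emergency else g.name))
        return req.id

    def approve(self, request_id, approver):
        """Approvals count only from the group's approvers, and nobody approves their own request."""
        req = self.requests[request_id]
        g = self.groups[req.group]
        if approver not in g.approvers or approver == req.requester:
            self.audit.append(("approval-rejected", approver, req.target, "not an eligible approver"))
            return False
        req.approvals.add(approver)
        self.audit.append(("approved", approver, req.target, request_id))
        return True

    def is_approved(self, request_id):
        req = self.requests[request_id]
        g = self.groups[req.group]
        return req.emergency or len(req.approvals) >= g.required_approvals

    def open_session(self, request_id):
        """Returns an opaque session handle; the password stays inside the broker."""
        req = self.requests[request_id]
        if not self.is_approved(request_id):
            self.audit.append(("denied", req.requester, req.target, "approvals pending"))
            return None
        password = self._vault[req.target]
        # in a real broker the password is injected into the proxied connection here
        session = {"target": req.target, "user": req.requester, "id": secrets.token_hex(8),
                   "authenticated": password is not None}
        self.audit.append(("session-opened", req.requester, req.target, session["id"]))
        return session


def build_demo_broker():
    # Constructed demo groups and vault contents; not real users or passwords.
    groups = [
        AccessGroup("dba", frozenset({"alice"}), frozenset({"db-prod-01"}),
                    required_approvals=2, approvers=frozenset({"bob", "carol"}), allow_emergency=True),
        AccessGroup("web-ops", frozenset({"dave"}), frozenset({"web-01"})),  # pre-approved
    ]
    vault = {"db-prod-01": "demo-only-password-1", "web-01": "demo-only-password-2"}
    return AccessBroker(groups, vault)


if __name__ == "__main__":
    broker = build_demo_broker()
    rid = broker.request_access("alice", "db-prod-01")
    broker.approve(rid, "alice")   # rejected: self-approval
    broker.approve(rid, "bob")
    print("after one approval:", broker.open_session(rid))   # None, quorum is 2
    broker.approve(rid, "carol")
    print("after two approvals:", broker.open_session(rid))
    for entry in broker.audit:
        print(entry)
```

The session dictionary is what a user would get: a handle that proves a brokered, authenticated connection exists, with no password field, which is exactly the property the paragraph above describes.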

With the expansion of mobile devices, remote teams, and cloud-based solutions, organizations face a new reality: the elimination of the security perimeter and, with it, of the distinction between internal and external threats. Misuse of credential privileges can cause considerable damage to organizations. Through the functionality of a PAM solution, it is possible to grant, manage, monitor, revoke, and audit access to critical systems through privileged credentials.
