Written by CloudTalent – published 22 December 2015

You may remember that in the last blog we talked about the risks to your organisation caused by poor identity management, and how to spot some of the possible vulnerabilities or symptoms of an attack. In this article we delve a little deeper into how to protect yourself from these risks, and help you understand just how much of a risk this is and where IDAM (Identity and Access Management) fits within the larger subject of limiting security issues. I’ll give you a clue – right at its heart!


The top 20 critical security controls are listed at the end of this blog, but for me the four that form the weakest links in our defences are:

  • Controlled use of administrative privileges
  • Maintenance, monitoring, and analysis of audit logs
  • Controlled access based on the need to know
  • Account monitoring and control

Why are they the weakest?

Because most organisations rely on their people to remember to check these things on a regular basis. Sure, everyone starts off with the best intentions, but after those first few attempts, forgetfulness and/or sheer work volume takes over. We’re human after all, and one thing we are not good at is remembering repetitive tasks.

So how do we automate these things?

I’m glad you asked! There are some great products out there that take the pain away and give you a good night’s sleep, safe in the knowledge that these things are being dealt with 24/7 without you having to lift a finger! That disgruntled employee who left the company? Account closed down, all resources de-provisioned. That person who has moved from one department to another? Account transitioned, and all previous access has been replaced with their new required access permissions. Wait! What about that privileged access we gave out to that contractor while he was performing upgrades? Ahh, temporal policies! His access was removed when the requirement expired.

We’ve only touched the surface of what products such as MIM (Microsoft Identity Manager) can do for you when configured with the right level of experience, but the important takeaway is that good security is not just about protecting the boundary. It’s about protecting against all eventualities and limiting the scope of attack, whether that be disgruntled ex-employees, social engineering, sensitive data loss or leakage, accidental or deliberate misuse, or exploits and APTs (Advanced Persistent Threats) that can make great use of those hundreds of administrators you have.

I have helped many organisations protect themselves and reduce their operational costs through automated identity management products. A properly configured solution will not just provide the basic provisioning needs, so that new starters automatically receive their Active Directory account and access to resources, but will handle all the intricate details of the JML process (Joiners, Movers and Leavers). This should include: mapping users to roles for departmental moves, assigning temporary policies to privileged groups, disabling and de-provisioning stale accounts, providing authorization controls and approvals, and above all, assigning only what’s needed for the user to do their work.
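To make the JML rules above concrete, here is an added example (not part of the original blog, and not MIM's own logic) that reconciles a directory against an HR feed and lists the changes an automated process would make. The role-to-group map, the 90-day stale threshold, the user names and the group names are all constructed assumptions.

```python
from datetime import date

# Constructed role model (assumption): department -> groups the role needs.
ROLE_GROUPS = {"Finance": {"fin-share", "erp-users"}, "IT": {"it-share", "helpdesk"}}
STALE_DAYS = 90  # assumed inactivity threshold for a stale account

def reconcile(hr, accounts, grants, today):
    """Return ordered (user, action, detail) steps that bring accounts in line with HR."""
    steps = []
    for user, acct in accounts.items():
        person = hr.get(user)
        if person is None or not person["active"]:
            # Leaver: disable the account and de-provision every group.
            if acct["enabled"]:
                steps.append((user, "disable", "leaver"))
            steps += [(user, "remove", g) for g in sorted(acct["groups"])]
            continue
        if acct["enabled"] and (today - acct["last_logon"]).days > STALE_DAYS:
            steps.append((user, "disable", "stale"))
        # Temporal policy: a privileged grant counts only until its expiry date.
        temp = {g for (u, g), exp in grants.items() if u == user and exp >= today}
        wanted = ROLE_GROUPS.get(person["dept"], set()) | temp
        # Mover / least privilege: drop what the current role no longer needs.
        steps += [(user, "remove", g) for g in sorted(acct["groups"] - wanted)]
        steps += [(user, "add", g) for g in sorted(wanted - acct["groups"])]
    for user, person in hr.items():
        if person["active"] and user not in accounts:
            # Joiner: create the account with the role's groups only.
            steps.append((user, "create", person["dept"]))
            steps += [(user, "add", g) for g in sorted(ROLE_GROUPS.get(person["dept"], set()))]
    return steps

# Constructed sample data, not taken from any real directory.
TODAY = date(2015, 12, 22)
HR = {
    "alice": {"dept": "Finance", "active": True},   # moved from IT to Finance
    "bob": {"dept": "IT", "active": False},         # has left the company
    "carol": {"dept": "IT", "active": True},        # admin grant has expired
    "dave": {"dept": "Finance", "active": True},    # new starter, no account yet
}
ACCOUNTS = {
    "alice": {"enabled": True, "last_logon": date(2015, 12, 21), "groups": {"it-share", "helpdesk"}},
    "bob": {"enabled": True, "last_logon": date(2015, 12, 1), "groups": {"it-share"}},
    "carol": {"enabled": True, "last_logon": date(2015, 12, 20),
              "groups": {"it-share", "helpdesk", "domain-admins"}},
}
GRANTS = {("carol", "domain-admins"): date(2015, 12, 18)}  # (user, group) -> expiry

if __name__ == "__main__":
    for step in reconcile(HR, ACCOUNTS, GRANTS, TODAY):
        print(*step)
```

Running the same reconciliation on a schedule is what replaces the manual checks people forget: the output is the full list of drift between HR and the directory at that moment.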

The 20 critical security controls

  • Inventory of authorized and unauthorized devices
  • Inventory of authorized and unauthorized software
  • Secure configurations for hardware and software on mobile devices, laptops, workstations, and servers
  • Continuous vulnerability assessment and remediation
  • Controlled use of administrative privileges
  • Maintenance, monitoring, and analysis of audit logs
  • Email and web browser protections
  • Malware defences
  • Limitation and control of network ports, protocols, and services
  • Data recovery capability
  • Secure configurations for network devices such as firewalls, routers, and switches
  • Boundary defence
  • Data protection
  • Controlled access based on the need to know
  • Wireless access control
  • Account monitoring and control
  • Security skills assessment and appropriate training to fill gaps
  • Application software security
  • Incident response and management
  • Penetration tests and red team exercises
