By Rajat Bhargava Posted March 30, 2015
Enterprise security once meant installing anti-virus software and maybe a firewall. Those were simpler times.
Today, securing the network is a critical task, and organizations expend tremendous resources to accomplish it.
There are multiple layers of the enterprise security puzzle that IT admins need to manage. In this post, we’ll highlight the various layers, but specifically focus on one of the most important: identity security.
Depth of Security
In the network security business, we often call these layers of security “defense in depth”. Each layer is another line of defense against a different set of potential risk areas.
Overview of layers:
Network security – this layer protects the organization by ensuring that no malicious traffic enters the network. Examples include firewalls, intrusion detection/prevention solutions, VPNs, and others. Think of this as making sure that the packets flowing through the network are the right, safe ones.
Device security – servers, desktops, and laptops all need to be protected. Often this includes ensuring that the devices are patched. Other security mechanisms include host-based intrusion detection and file integrity solutions. These are meant to determine if a hacker has gained control of the device.
Application security – application vulnerabilities can be a mechanism for hackers to gain access to critical data. Web applications are particularly prone to this as they often are exposed to the Internet and a vulnerability could allow access to the back-end databases. There are secure coding techniques and scanners that check for these security holes.
Data security – encryption technology is often viewed as the critical data security solution. There are ways to protect data when it is at rest and also when it is in transit. Other data security solutions try to detect if confidential data has left the corporate network.
Identity security – for hackers, identities are the quickest way to gain access to and control over the network. Merely obtaining a system admin’s credentials often will give hackers all the power they need to wreak havoc. This area is one of the most difficult to secure due to the requirement for end users to be involved. As such, systems must be created to help end users protect their credentials and to identify automatically if they have been compromised.
The Primacy of Identity Security
While each of these layers is important, identity security trumps everything else. That’s because if a hacker can get credentials, the rest of the security measures can be bypassed. The hacker is already on the “inside”.
Improved Enterprise Security through Service
Directories can be the core system to protect identities. But historically, directory services have not excelled at helping organizations protect and secure their identities.
Next-generation solutions such as Directory-as-a-Service® are changing that. Identities stored in the DaaS system are one-way hashed and salted, effectively making it impossible to recover the original credentials from the stored values. Passwords and keys can be rotated on a regular basis to ensure that if credentials have been compromised, they aren’t for long. An effective Directory-as-a-Service will also work with end users to ensure that passwords are sufficiently long and complex. Multi-factor authentication is another game changer in protecting identities. A simple username / password combination can be made vastly more secure with the addition of a token delivered to the user’s phone.
Identities are one of the most sought-after digital assets for a corporate hacker. Incorporating identity management and security approaches into your enterprise security strategy is absolutely necessary if you want true security.