By Rajat Bhargava Posted April 20, 2015
IT admins know that the number one digital asset that they have is identities. There is nothing better for a hacker than stealing identities. The right ones are the keys to the kingdom – and even if it isn’t the admin credentials, hackers can still cause a lot of damage.
The scary part for many IT admins is that an organization doesn’t even need to be breached to have its credentials compromised. That’s because many people use the same username and password across a variety of services. Those services may not have anything to do with the business, but may still contain personal information that links them back to their employer.
Smart hackers will steal credentials from the easiest place they can get them and then try those credentials everywhere they can. If they can analyze more about who that person is, they will end up having a good understanding of where they work, what services they use, and a great deal of their digital life. If a person hasn’t been vigilant, then those credentials end up being used elsewhere and now hackers are into your organization.
Don’t believe that this is true? It has happened time and again with very significant examples.
Security Innovations through DaaS
New directory services solutions such as Directory-as-a-Service® are working to tackle this problem.
Cloud-based directory services realize that identities are going to be all over the place in a cloud oriented world. They will be on cloud infrastructure, SaaS-based applications, cloud productivity solutions such as Google Apps (now known as G Suite) or Office 365, and on a plethora of devices.
But how can you centralize and control those identities in order to help detect a problem?
Methods to Improve Identity Security
Password Rotation and Multi-Factor Requirements
A core part of the problem here is that passwords are reused in multiple places. In order to help ensure that passwords are different, you can force frequent password rotation and also not accept previous passwords as the updated password. A strong Directory-as-a-Service solution will help you accomplish these tasks. Another excellent method to avoid being hacked is to employ multi-factor authentication on your various services.
Deep Logging of Access
Even with all of the protections for your users, you’ll want to also have deep logging of all access to your systems. If you can create a forensic log of all access, you’ll be able to run that through your log analysis solution to see if there has been a compromise. A great Directory-as-a-Service solution will provide you with the raw materials to be able to go do this.
Strong Hashing Mechanisms
Passwords should be stored securely. Ideally, you’ll have them stored in a one-way mechanism. Directory-as-a-Service does this by salting and hashing with strong mechanisms effectively making a password irretrievable even if the system is compromised.
Improve Security with DaaS
Security is one of the top concerns for organizations in the cloud era. With all of the breaches that are announced almost daily, who could blame businesses for thinking that way?
Identities are at the core of the risk. Leveraging a Directory-as-a-Service solution is an excellent way to increase the security of an organization. If you would like to learn more of have questions about how DaaS can help you, contact us. You can also try out our cloud-based directory for yourself. Your first 10 users are free forever – no credit card required.