By Greg Keller Posted December 13, 2016
Identity theft is at an all-time high. Hardly a day goes by without a major security breach being announced. Yahoo, Twitter, LinkedIn, eBay, Target, and hundreds more have been hit.
While all of these breaches are awful for the individuals whose accounts have been compromised, there is also a very real risk of downstream consequences for their employers. IT admins have reason to be concerned that those credentials are the same ones used to access critical resources inside their IT infrastructure.
This is a critical security concern, considering the identity’s place at the core of IT security.
5 Ways IT Admins can Secure Identities
There are a number of ways that admins can reduce the risk of identity breaches by securing their identities. Here are five different mechanisms that IT admins can leverage to protect their user credentials.
#1 Central User Management Platform
Having a central directory service gives IT organizations real control over their infrastructure. User accounts are provisioned and deprovisioned without mistakes. A forgotten account on a critical server doesn’t happen when you have a system in place. Auditing of user accounts and of what people are doing is another valuable capability of an identity management platform.
#2 One-Way Hashing and Salting of Passwords
You should insist that any password storage be done via one-way hashing and salting of those credentials. This makes it virtually impossible for hackers to reverse engineer passwords. When passwords are instead protected via encryption, a decryption key must be stored somewhere, and a hacker who obtains that key can decrypt the entire password database.
#3 Password Complexity, Reuse, and Rotation
Make it hard for your users to have the same passwords for their personal accounts and their professional accounts. By increasing complexity and rotation and limiting password reuse, you can make it far less likely that common passwords are used. Better yet, encourage your users to leverage password managers that generate long and complex passwords.
#4 SSH Key Management
Where it makes sense, leverage SSH keys instead of passwords. Keys are far more secure and provide a better way to access IT resources. Of course, SSH keys aren’t possible with a number of IT resources, but they are with your AWS cloud servers, where they can help protect your servers. Enable your users to easily manage their public SSH keys via your identity management platform.
#5 Multi-Factor Authentication
Perhaps one of the most important steps to take with identity security is multi-factor authentication, also sometimes called two-factor authentication. Instead of just gaining access with a password, users now need to input a token that is generated on their smartphone or sent to them via SMS. Since a hacker must now have not only the password but also the user’s phone, it is extremely difficult for the user account to be hacked.
Check Off the List with One Move
Securing identities is one of the most important tasks of an IT organization. It is also one of the most difficult tasks in today’s environment. Hackers are more sophisticated than ever, and there is more surface area to protect. One of the best ways that IT admins can increase the security of their identities is to leverage a central user management platform, ensure that passwords are hashed and salted, leverage password complexity, use SSH keys where possible, and implement multi-factor authentication.
All of these major capabilities are available with the modern Directory-as-a-Service® platform.
If you would like to learn more about how a cloud identity management platform can increase your identity security, drop us a note. In addition, please feel free to give Directory-as-a-Service a try for yourself. Your first 10 users are free forever.