By George Lattimore Posted June 20, 2018
When you stop to think about how 81% of all breaches stem from “compromised credentials,” aka identity breaches, an obvious target for progress within security emerges. With a percentage that alarmingly high, the industry should take note and turn the focus towards addressing the issue. This blog post will detail some simple identity security techniques that can be incredibly valuable when employed.
The Puzzle Around Identity Security
As you probably know, the IT landscape has gone through dramatic changes over the last two decades. It used to be that the entire network was on-prem and Windows®-based, and early on, this monopoly made it quite a bit easier to keep the network secure. Just make sure only the authorized people can get into the network and that your internal employees are all behaving reasonably well, and you’re pretty much set, right? Obviously, identity security and identities in general weren’t nearly as critical for the security puzzle as they are today.
Back then, almost everything was Microsoft®-based. IT organizations would just leverage Microsoft Active Directory® (AD) to be their identity provider and use AD to connect users to the IT resources they needed. Today, however, end users connect to a wide range of IT resources: AWS cloud servers, G Suite™ or Office 365™ for productivity platforms, Mac® or Linux® laptops, Slack, GitHub, Atlassian® web-based applications, and WiFi all around the world. As IT admins, how do you protect your users’ identity in all of these places when you don’t actually control them?
Fill the Missing Pieces with Simple Solutions
Well, the good news is there are a number of powerful yet simple identity security approaches you can implement. The first approach is to spark some behavioral change with your end users regarding their password habits. End users should create a unique password, as long as possible, for each site they register with. Ideally, you should also add multi-factor authentication (MFA or 2FA) to each account as reinforcement. These two basic practices will help your end users dramatically step up their identity security. You’re only as strong (or secure) as your weakest link, right?
Of course, there also are actions you can take as an IT admin to fortify your organization’s identity security.
The first major step is to onboard and offboard users quickly. While this is less about specific tools and technology and more about the process at large, user accounts for departed employees are major security risks and can grow into holes before you know it.
The second major step is to leverage a central identity provider that can control user accounts and enforce password policies, SSH keys, and MFA. One identity provider in particular, called JumpCloud® Directory-as-a-Service®, is reimagining Active Directory for the modern cloud era and providing simple identity security.
Simple Identity Security with JumpCloud
JumpCloud enables IT admins to centrally control user access to all IT resources using one identity management solution, regardless of platform, protocol, location, and provider. Our identity provider also offers Password Complexity Management, giving IT organizations the power to enforce a minimum length, and the use of numbers, characters, and capitalization across their entire user base. Additionally, you can enable MFA on all of your Mac and Linux systems and on the admin and user JumpCloud portals using JumpCloud Multi-Factor Authentication. Lastly, it’s easy to keep track of SSH keys using JumpCloud because a user’s SSH keys are tied to their JumpCloud identity. Simply disable a user in the JumpCloud admin console, and then that user’s access to everything is revoked, including their SSH key access.
There are numerous other ways to increase identity security, but using JumpCloud as your identity provider and employing simple identity security techniques, like MFA, will get you started, and in turn, deliver significant gains your organization can build on. When these techniques are combined with the overarching philosophy of zero trust security, your organization can limit the attack surface on your network and in your organization. Check out the video below for details on best practices regarding identity and access management (IAM).
If you want to hear more simple identity security techniques, or explore how JumpCloud Directory-as-a-Service can provide secure unified identity management from the cloud, contact us directly. One of our product experts will be happy to set you up with a personalized demo and answer any questions you might have. Ready to explore the platform yourself? Go ahead and sign up at no cost. As always, your first 10 users are free forever.