RSA 2017: Four Steps To Staying Secure In ‘The Age Of Access’

It has become a well-established view within the technology industry that, when it comes to cyber security, humans are the weakest link.

Security software has never been more advanced or more readily available, but it all counts for nothing if an employee lets in an attacker after falling for a phishing email, or works as a malicious insider to steal company secrets.

With this in mind, Tom Kemp, CEO of Centrify corporation, believes organisations need to focus more on user access and identity if they want to secure their data in what he calls the ‘age of access’.

Speaking at cyber security conference RSA 2017 in San Francisco this week, Kemp explained that, as employees often depend on public Wi-Fi networks to access business documents, it has become just as important to secure the user as the device itself.

Access security

“Should we not leverage biometrics on the device so I don’t have to type in a password when someone else is sat next to me,” he said. “Should we not actually have an analysis of my behaviour?

“People often ask me ‘will focusing on identity provide a material impact to my business?’ I can tell you the answer is yes.”

Kemp identified four steps that organisations need to go through to become more mature from an identity perspective.

The first is to establish identity assurance, which “at a base level means implement multi-factor authentication everywhere, not just for your VPN, but for your email, your apps, your network, your databases”.

It also requires the consolidation of identities, i.e. reducing the number of passwords and identities a user has through the likes of single sign-on software and the integration of biometric authentication which is often now readily available on consumer devices.

The next step is to limit lateral movement by implementing processes such as access approvals, followed by enforcing the rule of least privilege. We have workflows associated with normal apps such as booking holidays and purchase orders, Kemp explained, so why do we not have workflows for access?

And the final step: “Capture everything”. Logging and monitoring should be thought of as a security camera on your servers and applications and be treated with the same importance as security for your home.

“You can actually significantly decrease the number and extent of the breaches that you’re facing by addressing the new attack vector which is too many passwords, too much privilege,” Kemp said.

“Give people single click access to their applications, leverage SSO protocols, leverage multi factor authentication and your users will be more productive, you can adopt new cloud technologies a lot faster and start reducing the number of breaches.”

Quiz: Test your knowledge on cyber security in 2016

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Recent Posts

Mark Zuckerberg Overtakes Bezos To Become Second-Richest Man

Billionaire battle. Meta's boss Mark Zuckerberg overtakes Jeff Bezos to become the world’s second richest…

11 hours ago

US, Microsoft Disrupts Russian FSB Hackers

Internet domains used by “Russian intelligence agents and their proxies” for cyberattacks, seized by the…

14 hours ago

Mike Lynch Died From Drowning, Coroner Inquest Rules

UK's tech billionaire Dr Mike Lynch died from drowning on his superyacht, but his daughter's…

16 hours ago

Tesla Recalls 27,000 Cybertrucks Over Rear Camera Issue

Another recall for thousands of Tesla Cybertrucks over delay with rear camera, with could hamper…

1 day ago

Browser Firms Press EU To Reconsider Microsoft Edge As Gatekeeper

Browser firms write to European Commission alleging Microsoft's Edge web browser enjoys an unfair advantage

1 day ago

Microsoft Invests €4.3 Billion In Italy For AI, Cloud

Data centre and AI spending spree continues over at Microsoft, with Italy earmarked for €4.3…

1 day ago