Identity and access management (IAM) is a cornerstone security control for protecting corporate data and controlling access to the network. However, it often proves challenging to implement effectively, in part because attackers specifically target these controls.
Doug Cahill, after spending nearly nine years as a senior cybersecurity analyst and executive for Enterprise Strategy Group, struck out on his own earlier this year and now consults for several venture groups. He looks at the role identity and access management plays, both on premises and in the cloud, in controlling access to protect essential data and systems.
Q. There are a lot of important components to a cybersecurity strategy. Why do many experts say that IAM is the keystone for an effective implementation?
A. The spate of identity-based attacks, headlined by phishing and impersonation attacks, which now include deepfakes, continues to highlight the central role compromised identities play in many cybersecurity attacks. And the proliferation of non-human identities, which provide runtime access and authorization for a wide variety of services, has only increased the identity attack surface. As such, after years of treating IAM as an operational IT discipline centered on account provisioning, it is imperative that cybersecurity leaders view IAM in the context of identity security and as a foundational pillar of a modern cybersecurity program.
Q. How does IAM differ from basic authentication and what additional functionalities does it provide? We used to hear about Identity Access and Credential Management. What is the credential component?
A. Credential management has long referred to the use of certificate-based authentication. The strategic imperative to treat identity as a pillar of cybersecurity with an identity security approach has rightfully expanded how cybersecurity teams now approach credential management. This is where a zero-trust approach is applicable, one that not only employs certificates for authentication but entails proactively reviewing the minimum level of access required to reduce the blast radius of a compromise, monitoring for anomalous activity, and expanding the use of multi-factor authentication.
Q. As companies move more to a cloud-first environment, IAM can become more challenging. What are the differences between IAM on prem and IAM in the cloud?
A. Cloud-first strategies often include cloud-native application development and delivery, introducing additional IAM challenges for cybersecurity teams. Developers' accounts are typically highly permissive, as are those used by DevOps engineers and site reliability engineers (SRE) who require access to management consoles. Adversaries have taken note, as evidenced by these individuals being targeted via recon and phishing, with their compromised credentials then being used to move laterally across a cloud environment. Cybersecurity teams should also be mindful of the risk created by overly permissive service accounts, for example, one whose sole purpose is to insert records into a database but has been provisioned via the wildcard operator with read as well as write permissions. And given the multi-tier nature of cloud-native applications that employ dynamic compute instances such as containers, workload identities also need to be managed with a zero-trust approach that minimizes inter-workload access and privileges.
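The over-permissive service account described in the answer above (an insert-only job granted everything via a wildcard) is the kind of gap a policy linter catches before deployment. The following is an added example, not code from the interview or from any product Cahill mentions. It reads AWS-style IAM policy JSON and compares what a policy grants against the single action the workload needs. The policy documents, the table name, the account id and the per-service operation catalogue are all constructed for this illustration; a real linter would load the full operation list for each service.

```python
"""Flag over-permissive IAM-style policy statements.

Added example: a small linter for AWS-style identity policy documents.
The JSON shape is AWS IAM's; the sample policies, the service account's
purpose and the operation catalogue below are constructed for this page.
"""
import fnmatch
import json

# Constructed catalogue of operations the linter knows for one service.
# Real services expose many more; this subset is enough to show the gap
# between "what the job needs" and "what the policy grants".
KNOWN_ACTIONS = {
    "dynamodb": ["PutItem", "GetItem", "Query", "Scan", "UpdateItem",
                 "DeleteItem", "BatchWriteItem", "CreateTable", "DeleteTable"],
}


def expand_action(pattern):
    """Expand one action string (possibly with wildcards) to concrete actions."""
    if pattern == "*":
        return {f"{svc}:{op}" for svc, ops in KNOWN_ACTIONS.items() for op in ops}
    service, _, op_pattern = pattern.partition(":")
    ops = KNOWN_ACTIONS.get(service, [])
    return {f"{service}:{op}" for op in ops if fnmatch.fnmatchcase(op, op_pattern)}


def _as_list(value):
    """IAM allows a string or a list for Action and Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)


def granted_actions(policy):
    """Return the set of concrete actions the policy's Allow statements grant."""
    granted = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt["Action"]):
            granted |= expand_action(action)
    return granted


def lint_policy(policy, required):
    """Compare granted actions with what the workload actually needs.

    Returns the wildcard action patterns used, the excess grants beyond
    `required`, any required action the policy fails to grant, and whether
    any statement is scoped to the '*' resource.
    """
    wildcards = []
    star_resource = False
    for stmt in policy["Statement"]:
        wildcards += [a for a in _as_list(stmt["Action"]) if "*" in a]
        if "*" in _as_list(stmt.get("Resource", [])):
            star_resource = True
    granted = granted_actions(policy)
    return {
        "wildcards": wildcards,
        "excess": sorted(granted - set(required)),
        "missing": sorted(set(required) - granted),
        "star_resource": star_resource,
    }


# Constructed: the service account's only job is to insert records.
REQUIRED = {"dynamodb:PutItem"}

# Constructed: the wildcard-provisioned policy the answer describes.
OVERLY_PERMISSIVE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}]
}""")

# Constructed: the least-privilege replacement, scoped to one table
# (placeholder account id and table name).
LEAST_PRIVILEGE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": ["dynamodb:PutItem"],
                 "Resource": "arn:aws:dynamodb:us-east-1:000000000000:table/orders"}]
}""")

if __name__ == "__main__":
    for name, policy in (("wildcard", OVERLY_PERMISSIVE),
                         ("least-privilege", LEAST_PRIVILEGE)):
        print(name, json.dumps(lint_policy(policy, REQUIRED), indent=2))
```

Run against the wildcard policy, the linter reports eight actions beyond `PutItem`, including `DeleteTable`, plus the unscoped resource; the least-privilege policy reports no excess and no wildcards. The same comparison applied to every service account in a CI step is a practical way to enforce the minimum-access review the answer calls for.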
Q. How can IAM adapt to address the evolving threats and vulnerabilities in the cloud?
A. The proliferation of SaaS applications has resulted in business-critical data assets being stored across public clouds, necessitating proactive management of the sprawl of cloud identities. In addition to the risks associated with the use of shadow SaaS applications, cybersecurity teams should also be aware of the privileges layered SaaS applications require to access other SaaS apps. For example, marketing automation applications require access to the customer relationship management (CRM) database, such that a compromised account can provide attackers access to a company's customer database. To address these risks, cybersecurity teams should consider SaaS Identity Risk Management solutions.
Q. What role could Generative AI play in the IAM market in the future and how far away are we from seeing commercial products here?
A. AI, and GenAI specifically, is already playing an important role in identity security products to provide both scale and insight. The sheer number of identities and their associated privilege and activity telemetry create massive data sets. The technology stack of contemporary cybersecurity controls, including identity security, employs data lakes and AI to provide the ability not only to collect and retain massive corpuses of data, but to query those data sets to gain actionable insights. Just as AI in endpoint security products became table stakes to detect new and unknown malware, so too will GenAI be viewed across multiple cybersecurity product categories, including identity security.