Intelligent CISO Issue 05 | Page 74

As digitisation forces organisations into the cloud, the situation is becoming complicated.

Those with large user bases are using Identity and Access Management (IAM) solutions to help simplify access while enabling security across mixed environments. Some of these solutions are based in the cloud but those looking to marry simplified access with superior security should be aware of the risks involved.
CIOs are often reluctant to put sensitive data in a cloud environment. Once it’s there, it’s no longer under the control of the company responsible for looking after it. It feels less secure than if it’s kept under your own control and for good reason. Verizon confirmed that the top action involved in breaches was the use of stolen credentials in 2017, while web apps were the top target for threat actors. For now, keeping credential data off the cloud sounds like a safe bet.
It’s important that CIOs keep sensitive data within an environment that they can control but they must still find a way to navigate the cloud. So what’s the most simple, secure and flexible way to do so?
Considering user context
User context is a significant factor. With an increasing number of employees working remotely, they may be inadvertently making it easy for cybercriminals to steal information.
Therefore, users should only have access to enough information to do their job if it’s safe to do so. In that changing environment, an antivirus/firewall solution alone is not enough to enable simplicity and flexibility for user access. Equally, a pure IAM solution cannot secure an organisation’s environments on its own.
To achieve the most secure result, an IAM solution should be used in combination with an organisation’s antivirus, firewall and other security architecture.
Meanwhile, it’s important to bear in mind that registered users don’t always have pure intentions. Intruders can come from within; according to Verizon, 28% of data breaches involved internal actors, rather than external figures in disguise.
Organisations must take care to manage access effectively, so users can only see as much as they need to perform legitimate actions. While security is of paramount importance, genuine users should not be held back by overly complex authentication.
It’s well-known that customers will abandon transactions if the journey is too difficult. According to research by American Express, 78% of online shoppers have bailed on a transaction because of a poor service experience.