Subscribe

Identity management key to cyber security

Regina Pazvakavambwa
By Regina Pazvakavambwa, ITWeb portals journalist.
Johannesburg, 19 May 2016
Organisations need to take the user-centric approach to security, says SailPoint's Darran Rolls.
Organisations need to take the user-centric approach to security, says SailPoint's Darran Rolls.

Security paradigms are shifting from network-centric to user-centric, said Darran Rolls,

CTO at SailPoint Technologies, speaking at ITWeb Security Summit 2016 in Midrand yesterday.

According to Rolls, identity and access management (IAM) is key to protecting organisations from threats coming from outside the organisation, and more appropriately, inside.

He explained protecting the perimeter is no longer sufficient in potentially shutting down attacks but IAM is taking centre stage in defending companies' data from cyber criminals.

Network security is increasingly becoming complex - what used to be simple and dependable, is now complex and unpredictable, said Rolls.

With businesses operating in a world of increasing complexity - the population of people accessing an organisation's systems are no longer just employees and IT staff but contactors and different stakeholders, said Rolls.

A few years ago businesses were concerned with protecting a few, critical assets residing behind the firewall with relatively straightforward access models, he explained.

However, today organisations have many types of users accessing systems and data with different applications and using different authorisation, said Rolls.

To secure the data, IT professionals need full visibility into users: their identities, what they are accessing, and what they are doing with the information as well as how they might access it, he added.

The most critical is the appropriate use of data access privileges, said Rolls.

"When we look at some of the breach reports that are available, very frequently the cause of cyber attacks is very simple, basic identity management errors like overly complex effective access."

Organisations need to understand the type of data they have and who should have access to it and whether the user has correct access credentials, said Rolls.

Over-entitled users - people with accumulating credentials over a period of time - are able to create application level vulnerability, he explained.

Companies need to take the user-centric approach to security, really taking identity as well as access patterns and putting these at the centre of the security architecture, said Rolls.

Share