For decades, cyber security has focused primarily on creating a secure perimeter that should keep attackers away from corporate systems in the long term. But in recent years, the "enclosure" security model has become less and less important, and with the pandemic and widespread remote work it has finally become obsolete. Businesses worldwide are confronted with a new perimeter: the digital identity. Managing these identities securely and protecting them from misuse is the particular task of the security teams.
The Fall Of The Classic Perimeter
The end of the traditional perimeter has been in the offing for a long time. As early as 2003, the Jericho Forum, a collective of CISOs headed by Royal Mail's security chief, David Lacey, dealt with the concept of "de-perimeterization." "The traditional electronic boundary between a corporate network (or 'private' network) and the Internet is collapsing," says one of its research papers. At that time, the security experts also published a series of requirements for a "delimited" future of the kind that has now arrived.
Trends such as Bring Your Own Device (BYOD) and, in particular, the increase in phishing incidents have greatly accelerated the decline of the traditional perimeter in recent years. Increasingly, criminals have penetrated corporate networks by tricking employees into opening malicious emails or by attacking their vulnerable personal devices. Disguised as authenticated employees and without having to circumvent external protection measures, they have increasingly gained unhindered privileged access.
With the rapid increase in cloud usage and the growing importance of remote and hybrid workplaces, this situation has recently come to a head, finally ending the traditional perimeter. When employees leave the secure office environment and reach the network through their own access, secured by a digital identity or by a device managed by the company, this entails many security risks.
Every User Is A Privileged User
Passwords and usernames are still a basic element of identity-based security for many companies and, at the same time, a critical threat. As the Verizon Data Breach Investigations Report (DBIR) from 2021 reveals, 61 percent of all security breaches can be traced back to the exploitation of compromised credentials.
One reason is that many organizations' efforts to secure their identities effectively are hampered by outdated infrastructure and technical requirements, severely limiting their ability to respond to threats adequately. To make matters worse, the number of employees who have a privileged user account with comprehensive access rights and management functions has increased significantly. These accounts are highly valued by cybercriminals because they allow access to a wide range of resources and powers, including the ability to access and modify sensitive material or even delete logs to cover their tracks.
Nowadays, almost every user can be considered a privileged user, as pretty much everyone can access at least some sensitive data or information. As a result, the attack surface for companies has grown significantly in recent years, and threat actors have an ever-increasing range of potential attack targets at their disposal. Compromising a single user's credentials is enough for them to escalate privileges and gain access to the entire network. Unlike in the past, when cybercriminals had to launch a frontal attack, they can work quietly and persistently until they find a single passcode that gives them access to the network.
If you think of a company as a fortress, the old model encloses the crown jewels (i.e., data, applications, and other valuable assets) with thick walls and deep moats. Attackers would have to force their way in, which is demanding, time-consuming, and complex. However, in the age of remote working, the fortress has many entrances, each with its own key. And threat actors have many ways to get these keys and, therefore, a wide range of targets. Both human and non-human entities, such as applications or automated security systems, have credentials that grant them privileged access. The castle walls are still standing, but they cannot hold off the attackers. So the question arises.
Identities In Crisis
The first step to effectively securing identities requires a rethink: almost all users must be considered privileged today. However, this does not mean that all users have the same access and are subject to similar risks. Protecting the entrances requires a corresponding differentiation. For example, a password or multi-factor authentication may be appropriate and sufficient for a user who only needs to access business email or non-sensitive documents.
However, when sensitive customer data is accessed, the user should be subject to more rigorous authentication and verification that requires approval. A time limit on access is one way to reduce the risk of abuse. Users could also be asked to submit a digital data access request explaining why they need access, complete with a full audit trail.
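The tiered access described above, sketched as an added example (it is not from the original article or from any PAM product). The `POLICY` tiers, the one-hour limit, and all class and method names are assumptions; the hash chain on the audit trail is an addition that makes edited or deleted entries detectable.

```python
import hashlib, json
from dataclasses import dataclass, field

# Hypothetical tiers and limits, chosen for illustration only.
POLICY = {
    "email":         {"approval": False, "ttl": None},   # authentication is enough
    "customer_data": {"approval": True,  "ttl": 3600},   # approval + 1 h time limit
}

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

@dataclass
class AccessBroker:
    audit: list = field(default_factory=list)    # hash-chained audit trail
    grants: dict = field(default_factory=dict)   # (user, resource) -> expiry or None

    def _log(self, **details):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        body = {"prev": prev, **details}
        self.audit.append({**body, "hash": _digest(body)})

    def request(self, user, resource, now, authenticated, reason="", approver=None):
        rule = POLICY[resource]
        if not authenticated:
            verdict = "deny:not_authenticated"
        elif rule["approval"] and not reason.strip():
            verdict = "deny:no_reason"            # access request must say why
        elif rule["approval"] and approver in (None, user):
            verdict = "deny:no_independent_approver"
        else:
            verdict = "grant"
            ttl = rule["ttl"]
            self.grants[(user, resource)] = None if ttl is None else now + ttl
        # Every decision, including denials, lands in the audit trail.
        self._log(user=user, resource=resource, time=now,
                  reason=reason, approver=approver, verdict=verdict)
        return verdict

    def is_allowed(self, user, resource, now):
        if (user, resource) not in self.grants:
            return False
        expiry = self.grants[(user, resource)]
        return expiry is None or now < expiry     # time-limited grants lapse

    def audit_intact(self):
        prev = "0" * 64
        for entry in self.audit:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or entry["hash"] != _digest(body):
                return False
            prev = entry["hash"]
        return True
```

Timestamps are passed in as plain seconds so the expiry behaviour can be checked deterministically; a real deployment would take them from a trusted clock.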
If all users are classified as privileged, they must also be trained accordingly. This includes following best practices and basic cyber hygiene, such as avoiding the reuse of passwords across systems and avoiding password sharing. However, because every password poses an ultimate risk, IT departments must work to make passwords less important by adopting privileged access solutions that allow for more automation and remove the need to think up and remember passwords. Employees at all levels of an organization must be aware of the risks associated with their privileges and understand that their accounts can also be a stepping stone.
The techniques used by threat actors to gain access to accounts are shockingly simple. Social engineering is a weapon that is easy to carry out and extremely promising. It is incredible how many people still fall for (admittedly sometimes compelling) phishing emails, giving away their credentials and thus allowing criminals to get a foot in the door. Once in, they linger there at will, looking for ways to move laterally, escalate their privileges, plant malware, exfiltrate data, and set up backdoors. As the current M-Trends 2021 Annual Threat Report has shown, the average dwell time is currently 24 days, which is an exceptionally long time in cybersecurity.
Manage And Control Access Smoothly
Now that identity has become the new perimeter, companies must rely on security technologies that enable them to specifically secure user access with extended access authorizations and administrative powers. Privileged Access Management (PAM) solutions can help them guard the new perimeter by providing a security solution that combines interoperability, automation, and orchestration.
PAM solutions provide essential functions for effectively protecting privileged access data and sustainably reducing business risk. These include securely managing credentials, tracking privileged activities, masking and rotating passwords, and implementing session monitoring controls. Today's PAM allows security teams to randomize passwords, control access to privileged accounts, and isolate, monitor, record, and audit sessions, commands, and actions. Effective PAM solutions pursue the goal of pushing passwords into the background and moving to the principle of least privilege.
By integrating the IT and security stack, IT teams can create a single point of control that can manage identities across the enterprise network. It is essential to ensure that all solutions are interoperable, as this is the only way to establish a multi-layered security system that protects effectively and seamlessly. In the past, companies selected the best security solutions and hoped for the best. Today, the compatibility of the individual products plays a decisive role in offering companies demonstrable added value, whether by saving time or by increasing the productivity of employees.
Especially for the latter, automation is also an important key. Secure access should always run smoothly, with authentication, authorization, monitoring, and other functions running automatically in the background. This is the only way to ensure that users are not hindered or disturbed in their work by security measures.
When identity security solutions are in place, it is essential to focus on orchestration to ensure all products work perfectly together. PAM can take the lead here, allowing security teams to create a multi-pronged defense that allows seamless but secure access when the risk is low—and locks down systems or watches for more information when the risk is high.
If the focus is on interoperability, automation, and orchestration, companies benefit in two ways. First, it reduces the risk of compromised credentials being misused by threat actors; second, it ensures that employees can take full advantage of the productivity gains that a cloud-based, remote-enabled environment can offer them.
The traditional perimeter was doomed long ago and has been replaced by a porous, flexible, and ever-changing perimeter based on individual identities. Reacting to this new reality and aligning their security measures with it is not optional for companies. Identities have long since become a popular battleground for threat actors, and the decisions companies make now will help them mitigate the risks.