Digital Identities & Remote Working
Well, 2020 isn’t quite what we thought it’d be.
A colleague and I wrote a piece for KPMG’s Newsroom around managing digital identities securely especially now that a majority of knowledge workers connect remotely. The piece was meant for a broader audience but I still hope there are some tangible takeaways if you work in or lead security teams.
—————-
All of us have been taken aback by the rate at which the ongoing crisis has escalated and the public health, social and economic impact it has had on millions of people around the world. Given its unprecedented nature, organisations across industries in Australia have had their existing continuity protocols and technology stacks stress-tested at scales that were never anticipated.
Organisations would do well to revisit their Identity and Access Management (IAM) frameworks and solutions for both critical and non-critical applications especially given that it is not out of the realm of possibility that passwords across systems could be similar. With password hygiene being a prevalent issue, external users (consumer and citizen identities) with email address as credentials can fall victim to password spraying attacks that, while not particularly sophisticated, are effective.
As more people work remotely and our collective anxiety increases, it is not entirely unexpected that cyber attacks and phishing scams will exponentially increase over the coming weeks and months.
From an IAM perspective, there are a few areas that organisations could potentially look at to shore up their existing systems securely:
1. Make changes to the IAM layer
Organisations may invariably compromise on security in their network layer to ensure that their employees have access to critical and non-critical applications remotely. A secure IAM platform will act as a compensating control in such instances. Making changes to the Open Systems Interconnection (OSI) model gets increasingly difficult as we go from top to bottom and making relevant changes to the IAM layer is easier to implement while being architecturally sound.
2. Secure cloud solutions
Single Sign-On (SSO) to cloud applications will be the norm for many organisations that empower their employees to work remotely; however, convenience can come at the cost of cloud security. While MFA is by no means perfect, using it for high-risk transactions or privileged users can reduce the surface area for attacks.
3. Secure Privileged Accounts
Securing privileged accounts with MFA using software or hardware tokens is easily achievable and will go a long way in ensuring threats are minimised especially as remote-working becomes the norm for the foreseeable future.
4. Provide more self-service functions
Securing help desks will continue to prove difficult so help staff help themselves with self-service function that are secured by 2-step authentication mechanisms.
Across the board, organisations will relax their security protocols to ensure their workers have frictionless access to their accounts and applications for working remotely, which will provide new surface areas for attacks. Having established and standards-based solutions that use protocols like SAML, OAuth 2.0 and OpenID Connect may provide a sense of assurance and flexibility especially when it comes to ease of securely onboarding new applications.
Many cyber-attacks and breaches, including some high-profile ones here in Australia, go weeks or even months without being detected and there are never all encompassing fixes or answers that solve everything but standards-based approaches are a dependable way of approaching these confusing times.