Identity Security: How the Weak Link Behind Major Breaches Could Have Been Avoided

To the inexperienced eye, football seems to have a lot of complex rules. Tackles, offside penalties, blitzes, and more all influence who comes out the winner. While each of these components can affect the outcome, at the end of the day it comes down to who scores the most points.

That summarizes how many of us in the cybersecurity field feel about the industry today. Many experts believe that cybersecurity has fallen into a pattern of overcomplexity and overhype, and we’ve lost sight of what truly matters: preventing adversaries from gaining access to a network.

Cybersecurity is highly complex, and there is a lot of noise out there about what to do and what not to do. It can quickly become overwhelming trying to defend against the latest attacks—especially as the cyber landscape evolves and attacks become more sophisticated.

However, there should be some solace in knowing that security teams could have averted some of the most significant attacks in the last year with some essential identity management best practices.

When we look back at the headline-making attacks of 2021, it’s clear that many are rooted in one fundamental issue: compromised identities.

Take the high-profile SolarWinds breach, for example. At first glance, the breach seems to involve careful and calculated moves from nation-state adversaries. While not yet confirmed, many reports indicate compromised credentials were a possible root cause.

Colonial Pipeline suffered a similar attack rooted in hacked credentials from an inactive account. Lack of multi-factor authentication also played a role in the incident. If the intruders had been required to prove who they were through strong, identity-based authentication such as MFA—before accessing sensitive information or making changes to the organization’s code—they would have had a much harder time moving through the network and certainly wouldn’t have done as much damage.

Stepping back and implementing identity security basics, which have been established for years, can help organizations prevent future hacks. These include clarifying ownership of identity management across the organization, automating provisioning and deprovisioning throughout the identity lifecycle (join, move, leave), and continuously discovering privileged access and applying MFA.

Integrating identity and security technologies to address a specific requirement is just one piece of the puzzle. Broader business initiatives, such as a zero-trust architecture, restore control over the whole picture and deliver both security and a good user experience.

Because the Zero Trust model requires every user, whether inside or outside the organization’s network, to be authenticated, authorized, and continuously validated before being granted access to applications or data, it does away with the inherent trust that traditional networks have relied on for so long.

Zero Trust revolves around five guiding principles:

  1. Evolving Perimeter: Defending the perimeter can no longer rest on the outdated castle-wall security model. Cloud adoption and remote workforce mobility have eroded the idea of a traditional network perimeter. Zero Trust integrates security throughout the network rather than only at its edge, while still mitigating risk at the perimeter itself.
  2. Zero Inherent Trust: A Zero Trust architecture assumes malicious intent until proven otherwise. All requests to applications and services must be verified, whether they originate inside or outside the perimeter.
  3. Access Happens Everywhere: Zero Trust provides better visibility across networks, applications, devices, and containers, because security state is verified on every request.
  4. The 3 Ws – Workforce, Workplace, and Workload: Workforce refers to establishing the trust levels of users and devices to determine their appropriate access privileges. Workplace refers to implementing trust-based access control on the networks an organization controls. Workload involves preventing unauthorized access within micro-segmented networks, irrespective of where they are hosted.
  5. Continuous Trust Verification: Zero Trust requires every actor to establish trust on each request by verifying identity with MFA, checking device posture and location, and enforcing least-privilege access to networks, applications, and resources.
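The identity basics from earlier (deprovisioning, inactive accounts, MFA on privileged access) and the five principles above, combined into a single per-request access decision. This is an added example, not code from the original article; the roles, resource names, 90-day inactivity limit, and home country are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed, illustrative policy data: every role, resource and limit below is an
# assumption for this example, not something taken from the article.
INACTIVITY_LIMIT = timedelta(days=90)  # dormant accounts should already be deprovisioned
ROLE_ACCESS = {                        # least privilege: a role sees only what it needs
    "operator":  {"scada-hmi", "ticketing"},
    "developer": {"source-repo", "ci"},
    "it-admin":  {"directory", "ticketing", "source-repo"},
}
PRIVILEGED_RESOURCES = {"scada-hmi", "directory", "source-repo"}  # MFA always required

@dataclass
class Identity:
    user: str
    roles: set
    active: bool        # False once the "leave" step of the lifecycle has run
    last_login: date
    mfa_passed: bool    # outcome of the MFA challenge for *this* request

@dataclass
class Device:
    managed: bool
    patched: bool
    country: str

def evaluate(identity, device, resource, today, home_country="US"):
    """Decide one request from scratch; no session trust is carried over.
    Returns (allowed, reasons) so that every denial is explainable."""
    reasons = []
    if not identity.active:
        reasons.append("account deprovisioned")
    elif today - identity.last_login > INACTIVITY_LIMIT:
        reasons.append("account inactive beyond limit")   # the stale-account case
    permitted = set().union(*(ROLE_ACCESS.get(r, set()) for r in identity.roles))
    if resource not in permitted:
        reasons.append("resource outside least-privilege set")
    if resource in PRIVILEGED_RESOURCES and not identity.mfa_passed:
        reasons.append("MFA required for privileged resource")
    if not (device.managed and device.patched):
        reasons.append("device posture non-compliant")
    if device.country != home_country and not identity.mfa_passed:
        reasons.append("unusual location without MFA")
    return (not reasons, reasons)

if __name__ == "__main__":
    today = date(2022, 4, 1)
    stale = Identity("bob", {"it-admin"}, True, date(2021, 11, 1), False)
    print(evaluate(stale, Device(True, True, "US"), "directory", today))
```

Each denial carries its reasons, which is what a detection team needs to tell a forgotten account with no MFA apart from a non-compliant laptop.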

While zero trust originated more than 15 years ago, it’s arguably more relevant today than ever. The amount of data created every day grows exponentially, user communities have expanded, and the traditional network perimeter has disappeared. The solution isn’t investing in the “next greatest solution,” simply because savvy cybercriminals know that the fast path to data is through compromised identities with privileged access and credentials. It’s no longer practical to protect a business’s sensitive assets behind a single network wall. Ahead of Identity Management Day 2022, it’s important to emphasize that taking an identity-centric approach to security and Zero Trust helps organizations protect the very identities that are being turned into weapons against them.