RSA 2017: Four Steps To Staying Secure In ‘The Age Of Access’

It has become a well-established view within the technology industry that, when it comes to cyber security, humans are the weakest link.

Security software has never been more advanced or more readily available, but it all counts for nothing if an employee lets in an attacker after falling for a phishing email, or works as a malicious insider to steal company secrets.

With this in mind, Tom Kemp, CEO of Centrify Corporation, believes organisations need to focus more on user access and identity if they want to secure their data in what he calls the ‘age of access’.

Speaking at cyber security conference RSA 2017 in San Francisco this week, Kemp explained that, as employees often depend on public Wi-Fi networks to access business documents, it has become just as important to secure the user as the device itself.

Access security

“Should we not leverage biometrics on the device so I don’t have to type in a password when someone else is sat next to me?” he said. “Should we not actually have an analysis of my behaviour?

“People often ask me ‘will focusing on identity provide a material impact to my business?’ I can tell you the answer is yes.”

Kemp identified four steps that organisations need to go through to become more mature from an identity perspective.

The first is to establish identity assurance, which “at a base level means implement multi-factor authentication everywhere, not just for your VPN, but for your email, your apps, your network, your databases”.

It also requires the consolidation of identities, i.e. reducing the number of passwords and identities a user has through the likes of single sign-on software and the integration of biometric authentication, which is now often readily available on consumer devices.

The next step is to limit lateral movement by implementing processes such as access approvals, followed by enforcing the rule of least privilege. We have workflows associated with normal apps such as booking holidays and purchase orders, Kemp explained, so why do we not have workflows for access?

And the final step: “Capture everything”. Logging and monitoring should be thought of as a security camera on your servers and applications and be treated with the same importance as security for your home.

“You can actually significantly decrease the number and extent of the breaches that you’re facing by addressing the new attack vector which is too many passwords, too much privilege,” Kemp said.

“Give people single-click access to their applications, leverage SSO protocols, leverage multi-factor authentication and your users will be more productive, you can adopt new cloud technologies a lot faster and start reducing the number of breaches.”


Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
