Embracing zero-trust: a look at the NSA’s recommended IAM best practices for administrators

By now, most of the industry has realized that we are seeing a shift from the legacy perimeter-based security model to an identity-centric approach to cybersecurity. If defenders haven’t noticed this, malicious actors have, with 80% of web application attacks using stolen credentials and 40% of breaches that don’t involve insider threats and user errors involving stolen credentials, according to sources such as the Verizon 2022 Data Breach Investigations Report.

Compromised credentials were involved in incidents such as the 2021 Colonial National Pipeline breach, the 2021 Oldsmar Florida water treatment plant attack, and an attack on the South Staffordshire water treatment plant in the UK in 2022, illustrating that these incidents may have spilled over from the digital realm to the physical realm, affecting critical infrastructure.

Fortunately, we are seeing a shift in the industry to pivot towards a zero-trust cybersecurity model, underpinned by an emphasis on identity and data rather than the legacy castle-and-moat approach that preceded it and led to several decades of fragile defense and massive data breaches. This pivot includes guidance from leading organizations such as the National Security Agency (NSA), which together with the Cybersecurity and Infrastructure Security Agency (CISA) recently published the guidance “Recommended Best Practices for Administrators: Identity and Access Management (IAM)”.

The guide opens by discussing the current threat landscape along with an overview of threat mitigation techniques. The NSA notes that some of the most common techniques used by malicious actors include creating new accounts to maintain persistence, exploiting vulnerabilities to forge authentication claims, exploiting existing users and their access, and exploiting insecure system defaults and configurations. The main sections of the guide are dedicated to identity governance, environmental hardening, identity federation and single sign-on (SSO), multi-factor authentication (MFA), and auditing and monitoring, which we will discuss below.

Identity governance

Identity governance helps organizations centralize and orchestrate activities associated with both person and non-person entities (NPEs), such as service accounts, to align with their organizational policies. These activities cover the entire lifecycle of an account or identity, such as when a person joins, moves, or leaves an organization or team, triggering activities associated with their credentials and associated permissions. This same concept applies to NPEs, such as machine-based identities that need credentials and permissions to perform activities within an architecture.

Determining who has access to what and the risks associated with that access, and then dynamically managing access appropriately, is no easy task. Identity governance enables a centralized approach to ensuring organization-wide policy enforcement, as well as mitigating risks such as identity sprawl and permission creep, where individuals’ accounts are managed correctly, but their associated permissions regularly extend beyond what they actually need for their jobs. When this happens and those credentials are compromised or abused, it can wreak havoc on organizations.
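As an added illustration (not code from the NSA/CISA guide or from this article), the following sketch runs an access review over a small identity inventory and flags leavers who still hold access, permission creep against a role baseline, and NPEs with no accountable owner. The role names, entitlement strings and sample identities are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed role baselines: the entitlements each role is expected to hold.
ROLE_BASELINE = {
    "finance-analyst": {"erp:read", "reports:read"},
    "sre": {"prod:deploy", "logs:read"},
    "backup-agent": {"storage:read", "storage:write"},  # NPE role
}

@dataclass
class Identity:
    name: str
    kind: str                      # "person" or "npe"
    role: str
    status: str                    # "active" or "left"
    owner: Optional[str] = None    # accountable human for an NPE
    granted: set = field(default_factory=set)

def review(identities):
    """Return sorted (identity, finding, detail) tuples for an access review."""
    findings = []
    for i in identities:
        # Leaver: any entitlement still attached should have been revoked.
        if i.status == "left" and i.granted:
            findings.append((i.name, "leaver-retains-access", ",".join(sorted(i.granted))))
            continue
        # Permission creep: entitlements beyond what the current role needs.
        excess = i.granted - ROLE_BASELINE.get(i.role, set())
        if excess:
            findings.append((i.name, "permission-creep", ",".join(sorted(excess))))
        # NPEs need a named owner so someone answers for their access.
        if i.kind == "npe" and not i.owner:
            findings.append((i.name, "npe-without-owner", i.role))
    return sorted(findings)

# Constructed sample inventory.
SAMPLE = [
    Identity("alice", "person", "finance-analyst", "active",
             granted={"erp:read", "reports:read"}),
    # Mover: changed from sre to finance-analyst but kept prod:deploy.
    Identity("bob", "person", "finance-analyst", "active",
             granted={"erp:read", "prod:deploy"}),
    Identity("carol", "person", "sre", "left", granted={"logs:read"}),
    Identity("svc-backup", "npe", "backup-agent", "active",
             granted={"storage:read", "storage:write", "iam:admin"}),
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```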

Copyright © 2023 IDG Communications, Inc.

As the world of cloud-based data and network security becomes increasingly complex, IAM (Identity and Access Management) best practices are key to protecting valuable information from unauthorized access. The United States National Security Agency (NSA) recently conducted research to assess the effectiveness of existing IAM capabilities and develop recommendations for administrators to improve their security. Their comprehensive security posture report revealed that the most effective means of defense is the implementation of zero-trust strategies. So what does this mean for administrators?

Zero-trust architecture (ZTA) is a security strategy that assumes organizations’ networks and resources may already be compromised and that users, networks and other assets should be trusted only to the extent that they can be objectively verified. This means that the traditional model of “trust but verify” is replaced with “verify then trust.” To make this strategy effective, the NSA recommends that organizations start by identifying any organizational assets, both in the cloud and on-premises, that need protection. Administrators can then implement authentication methods such as RSA SecurID and biometric verification for users when attempting to access these assets.

Frequently accessing cloud-based resources, especially from remote locations, can be a major challenge for administrators today. That is why it is important to implement enterprise-wide IAM initiatives that enable secure authentication, authorization and auditing of user activity across all resources. At Ikaroa, we provide a comprehensive suite of cloud-based IAM solutions designed to meet the needs of organizations of all sizes. Our expert team of security professionals can help administrators formulate best practices for implementing zero-trust architecture to protect valuable assets.

In conclusion, the only way to ensure the highest levels of security is to embrace zero-trust principles. By implementing the NSA’s recommended IAM best practices, administrators can protect organizational assets and ensure users are accessing authorized resources securely. Ikaroa is committed to helping administrators of all sizes implement the right IAM solutions to guard their data, networks and resources.

