Organizations need to double down on identity and access management (IAM) and integrate it with their security strategies to meet the challenges of the present and the near future, more than 20 cybersecurity leaders agreed in an online roundtable discussion hosted by the CyberRisk Collaborative in May 2024.
What follows is a synopsis of the full roundtable report, which is available to members of the CyberRisk Collaborative. Click here for details on how to join and access content like this.
The meeting, sponsored by Cisco and led by Mitch Greenfield, Associate Vice President of Identity and Access Management at Humana, reached a consensus that IAM can no longer be considered as a field separate from security.
Instead, the participants agreed, IAM must adopt the general cybersecurity mentality of proactively mitigating potential threats, monitoring activity, conducting regular audits and routinely sharing information.
As presented in the report summarizing the meeting, the roundtable participants also agreed that IAM strategies should emphasize risk mitigation and be aligned with the business goals of an organization.
That's especially important because the rapid growth in successful identity-related attacks — as well as the rapid growth of non-human identities — has made robust identity defenses a priority for CISOs and other security managers.
The roundtable consensus echoed words written by Matt Caulfield, Vice President of Product for Identity Security at Cisco, in a piece posted on the SC Media website earlier in May.
"Identity isn't just the new perimeter," said Caulfield. "It's the ONLY perimeter standing between attackers and the assets we're all charged with protecting. It's time we developed a more identity-centric strategy that reflects that reality."
Boosting IAM across the board
The roundtable group's overall recommendation is to beef up IAM whenever possible. The report lays out five steps to take:
1. Implement advanced monitoring and analytical tools.
As with cybersecurity in general, identity and access needs to be continuously monitored and examined. The behavior of users, human or otherwise, must be logged and tracked and scanned for anomalies. Policies, implementations and tools must be scanned and tested for potential vulnerabilities.
2. Enhance identity management and access controls.
Access policies must be made clear and firm, and exceptions must not be permitted. As the report’s introduction states, "Stick to your guns when people ask for change." Robust tools and authentication mechanisms, such as context-aware MFA or Microsoft CAPs, should be implemented.
3. Enhance incident detection and response.
Identity and access anomalies and suspicious behavior must quickly be investigated. Modern IAM platforms may have SOAR-like tools to partly automate this process. Likewise, incident-response playbooks and drills should be implemented to prepare for breach scenarios.
4. Conduct regular audits and assessments.
GDPR, NIST CSF, PCI-DSS and other major security and compliance frameworks stress the importance of identity management and account protection. The report urges organizations to make sure that their IAM policies and platforms ensure compliance with regulations, standards and internal policies, and that those policies and platforms are regularly assessed to make sure they're as effective as possible.
5. Foster a data-driven, collaborative security culture.
Beyond identity security, the report says, organizations should "use data insights to allocate cybersecurity resources effectively and prioritize critical security initiatives." Perhaps even more importantly, organizations should "encourage cross-functional collaboration and continuous learning within the security team" so that all security practitioners, whatever their focus, should have access to the collective knowledge of the organization as a whole.
