Ashley Diffey from Ping Identity explains why effective digital identity capabilities should play a key role in defending organisations in the evolving threat environment.
The importance of strong IT security is a given in today’s interconnected, digital world. What’s not so clear is the best way to tackle the challenge of achieving effective protection against constantly evolving threats.
To understand the various approaches that security vendors are offering, it’s necessary to consider how strategies have evolved during the past 20 years. Initially, most of the attention was focused on securing endpoints. It was felt that, if this could be achieved, IT infrastructures could withstand attacks.
As the threat landscape evolved, attention shifted to network security, then to data security, and more recently to cloud resource and platform security. The tools and strategies offered by most vendors have followed a similar path.
The motivation of security vendors
As the security solutions being offered evolved over the years, so too did the motivations driving vendors. Initially, many security firms were established when their founders spotted an opportunity to make money. Those that were best at countering a particular threat enjoyed the profits.
As the security landscape changed and vendors grew, these motivations often changed. Rather than being focused primarily on profits, leading vendors became increasingly focused on solving real business challenges and making the world a better place.
This shift in thinking changed the culture within many vendors and helped them attract the best and brightest talent available. If people can see that an organisation has the objective of helping businesses withstand potentially crippling threats, they’re much more likely to come on board.
In some cases, it became a challenge to maintain this culture as a vendor continued to grow, especially when a public listing led to it becoming beholden to shareholders. For shareholders, solving business challenges is nice, but the bottom line is more critical.
Identity and data
Today, as vendors continue to balance the dual goals of making the business world more secure while also increasing profits, attention is turning to the two fundamental components of strong strategies: identity and data.
First, it’s important for businesses to be able to effectively determine that all parties requesting access to resources within their IT infrastructures are actually who they claim to be. Second, the business also needs to understand the nature of the data to which that party is requesting access. This could be anything from computer source code to financial data or personal records.
Because of the importance of digital identity, it must therefore always be a key component of any business security stack. Bolting it on after the fact cannot provide the level of protection that is needed. Failing to get identity right is akin to leaving the digital front door to the business wide open.
Identity and risk management
Having strong digital identity capabilities can also assist a business when it comes to risk management. Rather than just relying on passwords and PINs, other authentication factors can be added to the mix. These can include anything from fingerprints and facial scans to generated pass keys and hardware devices.
Identity-based security can be further enhanced by using other factors such as typical user behaviour patterns and working locations. If a user begins requesting access at 2am when they usually work from 9am to 5pm, this could be an indicator of unauthorised activity. Similarly, if a user suddenly tries to log in from a different time zone or geographic region, this could trigger a red flag.
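As an added illustration (not from the original article or from Ping Identity), the Python example below learns a user's usual login hours, time zones and regions from past logins and reports which of those patterns a new attempt breaks. The sample history, the signal names and the allow/step_up/block policy are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed login history: (user, ISO-8601 time with UTC offset, region).
HISTORY = [
    ("alice", "2022-01-10T09:05:00+11:00", "AU"),
    ("alice", "2022-01-11T13:40:00+11:00", "AU"),
    ("alice", "2022-01-12T16:55:00+11:00", "AU"),
    ("alice", "2022-01-13T10:20:00+11:00", "AU"),
]

def build_baseline(history):
    """Learn each user's usual local hours, UTC offsets and regions."""
    base = defaultdict(lambda: {"hours": set(), "offsets": set(), "regions": set()})
    for user, ts, region in history:
        t = datetime.fromisoformat(ts)
        base[user]["hours"].add(t.hour)
        base[user]["offsets"].add(t.utcoffset())
        base[user]["regions"].add(region)
    return base

def hour_distance(a, b):
    """Distance between two clock hours on a 24-hour circle (23 -> 1 is 2)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def risk_signals(baseline, user, ts, region, slack_hours=1):
    """Return the ways this attempt deviates from the user's learned pattern."""
    b = baseline.get(user)
    if b is None:
        return ["no_baseline"]  # nothing to compare against yet
    t = datetime.fromisoformat(ts)
    signals = []
    if min(hour_distance(t.hour, h) for h in b["hours"]) > slack_hours:
        signals.append("unusual_hour")
    if t.utcoffset() not in b["offsets"]:
        signals.append("new_time_zone")
    if region not in b["regions"]:
        signals.append("new_region")
    return signals

def decide(signals):
    """Assumed policy: one signal asks for another factor, more blocks for review."""
    if not signals:
        return "allow"
    return "step_up" if len(signals) == 1 else "block"
```

A single deviation here leads to a request for an additional authentication factor rather than an outright refusal, which is how behavioural signals and the stronger factors mentioned earlier work together.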
Achieving a secure future
The cyber threat landscape is going to continue to evolve, and businesses will face the ongoing challenge of ensuring their infrastructures remain resistant to attack. It’s clear that having an effective digital identity capability is critical in meeting this challenge.
It can be tempting to focus attention on addressing vulnerabilities and putting in place the measures required to overcome them. However, if this is not accompanied by a strategy to improve digital identity capabilities, the end result will be an infrastructure that is far more fragile and open to attack.
As 2022 unfolds, it’s worth taking the time to take stock of the identity-based security measures your organisation has in place. Ensuring these are as strong and effective as possible could be the best step you take this year.
Ashley Diffey is the head of APAC and Japan at Ping Identity.