The traditional workplace perimeter has lost its importance. The growth of cloud adoption and hybrid working practices have also contributed to its insignificance. For these reasons, cloud services are increasingly important – for work and our personal life – resulting in a huge increase in the number of identities that we all have to manage.
And, let’s be honest, we hardly separate the two dimensions strictly when it comes to credentials. With the rising number of online services users are subscribed to, comes the increase in the need to remember numerous usernames and passwords. Many users try to avoid this by either using very simple passwords or using the same passwords for various services.
Many security breaches start with credential theft, often involving the stealing of email addresses and their corresponding passwords that are used to login to services. Fujitsu Enterprise and Cyber Security ran several intelligence reports for organizations and found hundreds of usernames and passwords for sale on the dark web, illegal websites, and forums.
The broad reuse of passwords across various services makes it easy for hackers. They don’t have to resort to credential hacking, brute force or guessing of passwords – they automate login requests to various services using the email addresses and passwords they have acquired. These so-called credential stuffing attacks have proven to be so successful in a significant number of cases, that they are among the top cybersecurity threats for organizations.
A year ago, Security Boulevard published the article ‘8 scary statistics about the password reuse problem’ which provides an overview of common identity and access management-related issues, and it’s very unlikely the situation has changed much since then. The article also highlighted statistics in which 91% of respondents claimed to understand the risks of reusing passwords across multiple accounts, yet 59% admitted to doing it anyway. Also, they found that the average person reuses each password as many as 14 times.
"It is no wonder that compromised passwords are responsible for 81% of hacking-related breaches.” (Verizon Data Breach Investigations Report). This report and many more demonstrate how organizations are constantly at risk of compromise when employees use the same passwords for corporate and personal accounts. So, how should they tackle these challenges?
Trust no one
A good approach (followed by many organizations) is considering a zero-trust strategy. In this approach, everything is initially treated as a breach. Thus, minimizing the risk and reducing the breach level by preventing lateral movements. Segmented network access, user, device, and application awareness should also be put in place to make sure that all sessions are encrypted end-to-end. In addition, the use of analytics to gain visibility and drive threat detection is important.
Trust the data
Organizations need to ensure that users are being explicitly verified by always following authentication and authorization processes using all available data like identity, location, device health, service, workload and data classification.
Explicit verifications are best combined with least privilege approaches. Organizations should grant just enough access rights for the proper time window. Risk-based adaptive policies, zero standing privileges and proper data protection measures are highly recommended.
Help users to rely on security controls
Never underestimate the importance of good user experience. Easy-to-use identity and access solutions make it easy and convenient for users to utilize the service and minimize their efforts to bypass security controls. In addition, a simplified user experience will increase the adoption of security processes for new systems and SaaS applications, while maintaining a strong security posture.
Trust Fujitsu and Microsoft to make it work
Fujitsu’s identity consultants can help customers to unravel the host of options available to them and develop the most appropriate path to modernize identity and access management. Whether it’s strategic or tactical approaches, or quick wins or long-term benefits – no two customers will have the same circumstances or requirements – it’s important to set realistic goals for each project. What’s achievable, what’s within the budget and what’s feasible all must be considered. Fujitsu’s identity consultants provide assessment services, develop identity roadmaps, provide, and develop business processes and actually get involved in identity deployments and application integration services.
We work together with our technology partner, Microsoft. Microsoft Azure is built on zero trust principles and it provides Identity as a service – Azure Active Directory – for all applications across cloud and on-premises.
Azure Active Directory provides:
- Conditional access for administrators and users
- Multifactor authentication
- Single sign-on
- Support for Windows Hello for Business and
- FIDO password-less tokens
It enables business-to-business federation and business-to-customer access with third-party identity providers. This allows customers to publish applications and integrate them at web speed, providing easy yet secure access mapping to the application role-based rules mapped to identities.
Fujitsu attained the Microsoft Identity and Access Management Advanced Specialization accreditation in March 2021.
“Fujitsu is widely recognized for their expertise in Microsoft cloud technology deployment, security and systems integration,” Takuya Hirano, Vice President, System Integrator and Advisory Partners at Microsoft.
Now with the Identity and Access Management Advanced Specialization, they are even better positioned to offer customers highly secured identity management for their Modern Work environments.”
By understanding your requirements, our consultants can help you work out what is needed to build a balanced identity security that can be effectively enhanced even as requirements develop.
Let us transform your identity and access management strategy. Get in touch today.