Limited functionality available
Identity and access management (IAM) is a cornerstone of cyber security and a key element in digital delivery for any organisation. Understanding who a user is, and whether they have the access rights to only the required resources is a central requirement of cyber systems. While it sounds simple enough, this is a complex task.
Cyber criminals commonly target user identities as a way to gain initial access. Why? It’s easy pickings. Unauthorised access is among the highest ranked attack vectors1 for Cyber criminals.
Passwords have traditionally been the mainstay of authentication controls but are both difficult to use and often ineffective. Most people know they should use a different password for each system, but it’s virtually impossible without a password manager. It’s little wonder so many people repeat passwords despite knowing better2.
But innovation is emerging as the answer. Moving forward, passwords won’t be our default means of protection. New technology is both challenging identity and access management legacy protections and providing new ways to address it.
The Australian Government’s recently launched Cyber Security Strategy focuses on the need for better identity and access management to prepare businesses for a technologically enabled future. But there are still numerous, efficient moves businesses can make today to get on the front foot.
What can Australian businesses do today?
The Australian Government’s Cyber Security Strategy lists actions that should be taken by all businesses to manage security. Unsurprisingly, identity management is a key focus. Here we suggest some focus areas to help guide identity investments for Australian organisations.
This blog is authored by Andrew Hayes, Richard Alleman, Anthony Treyvaud and David Loone.
1. ForgeRock Consumer Identity Breach Report: https://www.forgerock.com/about-us/press-releases/forgerock-consumer-identity-breach-report-us-breaches-cost-over-18-trillion
2. 8 Scary Statistics about the Password Reuse Problem:https://securityboulevard.com/2020/04/8-scary-statistics-about-the-password-reuse-problem/
Andrew is a leader in enterprise architecture, identity and access management and service oriented architecture, communications, and mobile application development. Andrew possesses an extraordinary depth and breadth of skills, from developing low-level code to making boardroom presentations focused on enterprise-wide strategy. His focus is on leveraging his expertise to lead projects to deliver the very best solutions for his customers.