To address data privacy regulations and reduce the risk of a data breach, organisations need to follow best practices in Identity and Access Management (IAM). This means leaving behind the cumbersome and risky password approach and instead adopting more vigilant technologies that streamline the user’s login experience and mitigate the risk of unauthorised access to personal data.
Companies should consider these three key best practice approaches: monitoring user behaviour and activity, verifying user identity with authentication solutions, and educating employees and customers on good identity management.
Monitoring user behaviour and activity
This is where real-time data analytics come into play. User and entity behaviour analytics (UEBA) automatically detect potential intrusions, unusual activity, or any other anomalies within a multi-cloud infrastructure. The system will send an alert if, for example, a new device login is detected. Or it will lock out a user if they have experienced multiple failed log-in attempts within a short timeframe. Context-based step-up authentication can also verify users based on their precise location, device and normal online activities.
Verifying user identity with authentication solutions
Companies should abandon the password approach and instead invest in tools such as multi-factor authentication (MFA) or single sign-on (SSO) for a more secure log-in process. MFA provides an additional security step, such as sending the user an SMS token via email or through a third-party tool such as Google Authenticator.
SSO involves users logging in once from a single portal to access multiple cloud applications, with limits on who is authorised to access certain information. This guarantees that all employees and customers are authenticated before accessing their accounts, and specified data is protected against unauthorised users.
Educating employees and customers on identity management
Cybersecurity training for employees should be mandatory so they learn the importance of protecting their own Personal Identifiable Information (PII) and the steps they need to take to do that. They need to know how to control what data they choose to share and understand the daily risks they face.
Similarly, organisations need to educate customers on how to protect themselves. They need to understand what constitutes a suspicious email, text or link so they don’t actively expose personal or corporate data. When given the choice, customers should know to select an alternative method of log-in other than a password, such as MFA or face ID scans.
Organisations that follow best practices in IAM strategy will be taking great strides in protecting their business and customer data within a modern IT infrastructure.
About the author
Anurag Kahol is Founder and CTO of Bitglass. Kahol expedites technology direction and architecture. He was director of engineering in Juniper Networks’ Security Business Unit before co-founding Bitglass. Anurag received a global education, earning an M.S. in computer science from Colorado State University, and a B.S. in computer science from the Motilal Nehru National Institute Of Technology.