Illumio’s Raghu Nandakumara argues that non-user entities represent ‘the next frontier of risk’ in cybersecurity.
Identity is at the core of every security conversation today, but it isn’t necessarily being spoken about correctly. Too often, identity is associated exclusively with users and their access privileges. While that is an important aspect of security, focusing solely on users doesn’t reflect the full scope of identity threats.
Identity extends beyond users: it applies to devices, applications and network connections. Recognising and managing these identities is essential for securing the broader digital ecosystem.
It’s time to rethink identity, moving beyond a user-centric view to one that embraces the full complexity of today’s environments.
The risks of a narrow view
Many organisations today view identity primarily, or even exclusively, through the lens of users: who logs in and who accesses which applications.
Why do organisations default to this narrow view? The answer is simple: making identity synonymous with users is easier. Logging into desktops or portals provides a clear and manageable point for enforcing security, and organisations are generally more confident in the quality of their user data than in other metadata from their network.
However, this limited perspective leaves organisations with significant blind spots. Anything interacting within the environment, such as service and system accounts, also carries an identity that can be subverted and exploited just as readily as a human user account.
When these non-user identities are ignored, attackers readily find entry points beyond user credentials. For example, service accounts often hold high levels of privileged access because they broker connections between applications. These accounts can be compromised through techniques like Kerberoasting (requesting service tickets for accounts with registered SPNs and cracking them offline to recover the account password) and, once the krbtgt account’s secret has been obtained, Golden Ticket attacks (forging TGTs for any principal). Either gives an attacker a foothold for further lateral movement.
Organisations need to rethink what identity really means in order to secure their environments effectively. Identity applies to every component interacting in the network, not just the people.
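The Kerberoasting scenario above leaves a trace that a detection team can act on: every service ticket request is logged as Windows Security event 4769, and a roasting tool typically asks for tickets to many SPN accounts in a burst, often downgraded to RC4-HMAC so the hashes crack faster. The following is an added example, not code from the article or from Illumio, that runs two such rules over a handful of constructed 4769 records. The field names (TargetUserName for the requester, ServiceName for the SPN account, TicketEncryptionType with 0x17 for RC4) are the ones Windows writes for event 4769; the line format, the sample events and the thresholds are assumptions for illustration.

```python
"""Kerberoasting detection over constructed Windows Security event 4769 records.

Added example (not the article's or Illumio's code). Field names follow event
4769: TargetUserName is the account requesting the ticket, ServiceName the
account whose SPN was requested, TicketEncryptionType the ticket cipher
(0x17 = RC4-HMAC, 0x12 = AES256). The one-record-per-line text format,
the events themselves and the thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"                    # legacy cipher attackers request on purpose
SWEEP_THRESHOLD = 5                  # distinct SPN accounts from one requester ...
SWEEP_WINDOW = timedelta(minutes=5)  # ... inside this window (tune per environment)

# Constructed sample: a normal user, a computer account, one burst from 'bob',
# and a single legacy RC4 request from 'carol'. Not real log data.
SAMPLE_4769 = """\
2024-05-01T09:00:05 TargetUserName=alice ServiceName=svc_sql TicketEncryptionType=0x12 IpAddress=10.0.1.20
2024-05-01T09:00:09 TargetUserName=alice ServiceName=WEB01$ TicketEncryptionType=0x12 IpAddress=10.0.1.20
2024-05-01T09:01:00 TargetUserName=WEB01$ ServiceName=svc_sql TicketEncryptionType=0x12 IpAddress=10.0.2.15
2024-05-01T09:03:10 TargetUserName=bob ServiceName=svc_sql TicketEncryptionType=0x17 IpAddress=10.0.5.77
2024-05-01T09:03:11 TargetUserName=bob ServiceName=svc_web TicketEncryptionType=0x17 IpAddress=10.0.5.77
2024-05-01T09:03:11 TargetUserName=bob ServiceName=svc_backup TicketEncryptionType=0x17 IpAddress=10.0.5.77
2024-05-01T09:03:12 TargetUserName=bob ServiceName=svc_jenkins TicketEncryptionType=0x17 IpAddress=10.0.5.77
2024-05-01T09:03:12 TargetUserName=bob ServiceName=svc_report TicketEncryptionType=0x17 IpAddress=10.0.5.77
2024-05-01T09:03:13 TargetUserName=bob ServiceName=krbtgt TicketEncryptionType=0x17 IpAddress=10.0.5.77
2024-05-01T09:40:00 TargetUserName=carol ServiceName=svc_legacy TicketEncryptionType=0x17 IpAddress=10.0.1.31
"""


def parse_4769(line):
    """Turn one 'timestamp key=value ...' record into a dict with a datetime."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["time"] = datetime.fromisoformat(ts)
    return rec


def load_events(text=SAMPLE_4769):
    return [parse_4769(l) for l in text.splitlines() if l.strip()]


def is_user_service_account(name):
    """Roastable targets are user accounts with SPNs: skip computer accounts ('$')
    and krbtgt, whose 4769 entries are TGT traffic rather than service tickets."""
    return not name.endswith("$") and name.lower() != "krbtgt"


def rc4_service_tickets(events):
    """Rule 1: RC4 tickets issued for user-type service accounts."""
    return [(e["TargetUserName"], e["ServiceName"], e["time"]) for e in events
            if e["TicketEncryptionType"] == RC4_HMAC
            and is_user_service_account(e["ServiceName"])]


def spn_sweeps(events, threshold=SWEEP_THRESHOLD, window=SWEEP_WINDOW):
    """Rule 2: one requester asking for >= threshold distinct SPN accounts
    within the window (any cipher). Returns requester -> set of services."""
    by_requester = defaultdict(list)
    for e in events:
        if is_user_service_account(e["ServiceName"]):
            by_requester[e["TargetUserName"]].append(e)
    hits = {}
    for requester, evs in by_requester.items():
        evs.sort(key=lambda e: e["time"])
        for i, first in enumerate(evs):          # sliding window from each event
            seen = {e["ServiceName"] for e in evs[i:]
                    if e["time"] - first["time"] <= window}
            if len(seen) >= threshold:
                hits[requester] = seen
                break
    return hits


def run(text=SAMPLE_4769):
    """Combine the rules: RC4 alone is noisy in domains with legacy clients,
    a sweep alone can be a scanner; both together is high confidence."""
    events = load_events(text)
    rc4 = rc4_service_tickets(events)
    sweeps = spn_sweeps(events)
    rc4_requesters = {r for r, _, _ in rc4}
    return {
        "rc4_requesters": sorted(rc4_requesters),
        "sweeps": sweeps,
        "high_confidence": sorted(rc4_requesters & set(sweeps)),
    }


if __name__ == "__main__":
    for key, value in run().items():
        print(f"{key}: {value}")
```

On the sample, ‘carol’ trips only the RC4 rule (a single legacy request, which is exactly the false-positive class to expect where old clients still negotiate RC4), while ‘bob’ trips both and is the only high-confidence hit; the krbtgt request in the burst is deliberately ignored. In a real environment the same logic should also exclude known scanners and tune the window and threshold to the domain’s normal service-ticket volume.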
Expanding the definition of identity
Every device, application and network component has a unique digital fingerprint. Just as a user’s identity comprises multiple attributes, such as credentials and access permissions, so does the identity of a device or an application. For example, a server isn’t just hardware; it is also the operating system it runs, the applications it hosts and its interactions with other devices on the network.
All these elements come together to form an identity that must be managed to the same degree as the user logging in. Attackers know this is a common gap in most security strategies and often target these weak spots, leveraging unmonitored devices or applications to gain access.
By expanding the definition of identity to include every endpoint, organisations can start implementing security strategies that protect every network layer.
Connecting identity to a broader security strategy
To truly protect an organisation, identity must be embedded in the broader security strategy, not treated as a standalone process. While securing user identity answers ‘who can do something?’ and ‘what can they do?’, it must be coupled with network security to control ‘where can they go?’ and ‘how can they get there?’
Organisations need to be able to answer all of these questions with equal readiness to reliably limit the effectiveness of an attacker. Focusing too much on one area leads to an unbalanced strategy that creates gaps for attackers.
Zero trust is an effective vehicle for delivering this balance. While its principles are often discussed purely in terms of user access, a zero-trust security policy applies equally to all system identities.
Every entity in the environment, whether it is a user, device or application, must be continuously verified. This is essential because a weak application or unpatched device can be just as dangerous as an unauthorised or compromised user account.
Identity must be paired with other contextual information, including device health and the assets being accessed. This establishes a continuous, risk-based approach that accounts for much more than the user identity alone.
Harnessing network segmentation
Network segmentation is one approach that is increasingly being paired with traditional identity security technology. It is a critical pillar of a successful zero-trust strategy, and applying the ‘never trust, always verify’ principle to govern segmentation enables zero-trust segmentation (ZTS).
This technology acts like a series of gates within an organisation’s infrastructure. Even if an attacker breaches one area, they can’t move freely to the next. The method becomes highly effective when a strong understanding of the identity of every entity on the network is used to build controlled pathways for communication.
The ability to apply segmentation based on identity is what makes zero trust so powerful. Microsegmentation, which applies the most granular level of controls to segment down to the individual workload, greatly enhances cyber resilience.
By applying granular controls at every layer, organisations can ensure that only verified entities can connect to critical resources. This makes it harder for attackers to exploit any weaknesses and slows down any successful attacks.
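What ‘segmentation based on identity’ means in practice is that the policy is written over what a workload is, not where it sits on the network, and that anything without a matching rule is denied. The following added example (not the article’s or Illumio’s code, policy model or label scheme) sketches that evaluation: each workload carries a set of labels and a posture flag, rules are label selectors plus a port, and a flow is allowed only if both endpoints have a known, verified identity and some rule matches. It also ties in the earlier point that identity must be paired with context such as device health, by refusing flows from a workload that has failed posture checks. The label keys, inventory, rules and flow records are all constructed for illustration.

```python
"""Label-based microsegmentation policy evaluation.

Added example, not Illumio's engine or policy format. Workloads are identified
by labels (what they are), rules are written over labels, and every flow not
explicitly allowed is denied. Label keys, inventory, policy and flow records
are constructed assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass
class Workload:
    name: str
    labels: dict           # identity: role/app/env, independent of address
    verified: bool = True  # posture signal (agent enrolled, attested, patched); assumed


@dataclass
class Rule:
    name: str
    src: dict              # label selector on the source; {} matches every workload
    dst: dict              # label selector on the destination
    port: int
    proto: str = "tcp"


def selector_matches(selector, labels):
    """A selector matches when every key it names has the same value on the workload."""
    return all(labels.get(k) == v for k, v in selector.items())


def evaluate(src_ip, dst_ip, port, inventory, policy, proto="tcp"):
    """Decide one flow. Order matters: no identity -> deny; bad posture -> deny;
    first matching rule -> allow; otherwise default deny."""
    src, dst = inventory.get(src_ip), inventory.get(dst_ip)
    if src is None or dst is None:
        return ("deny", "no identity bound to address")
    if not (src.verified and dst.verified):
        return ("deny", "unverified workload")
    for rule in policy:
        if ((rule.port, rule.proto) == (port, proto)
                and selector_matches(rule.src, src.labels)
                and selector_matches(rule.dst, dst.labels)):
            return ("allow", rule.name)
    return ("deny", "default deny")


# Constructed inventory: address -> workload identity.
INVENTORY = {
    "10.0.1.10": Workload("web-prod-1", {"role": "web", "app": "shop", "env": "prod"}),
    "10.0.2.10": Workload("api-prod-1", {"role": "api", "app": "shop", "env": "prod"}),
    "10.0.2.11": Workload("api-prod-2", {"role": "api", "app": "shop", "env": "prod"}, verified=False),
    "10.0.2.20": Workload("api-dev-1", {"role": "api", "app": "shop", "env": "dev"}),
    "10.0.3.10": Workload("db-prod-1", {"role": "db", "app": "shop", "env": "prod"}),
    "10.0.4.1": Workload("prom-1", {"role": "monitoring", "app": "platform", "env": "prod"}),
}

# Constructed policy: only the paths the application actually needs.
POLICY = [
    Rule("web->api", {"role": "web", "app": "shop", "env": "prod"},
         {"role": "api", "app": "shop", "env": "prod"}, 8443),
    Rule("api->db", {"role": "api", "app": "shop", "env": "prod"},
         {"role": "db", "app": "shop", "env": "prod"}, 5432),
    Rule("metrics", {"role": "monitoring"}, {}, 9100),
]

# Constructed flow records (src, dst, port) as an enforcement point would see them.
FLOWS = [
    ("10.0.1.10", "10.0.2.10", 8443),  # web -> api, the expected path
    ("10.0.1.10", "10.0.3.10", 5432),  # compromised web host goes straight for the database
    ("10.0.2.10", "10.0.3.10", 5432),  # api -> db
    ("10.0.2.20", "10.0.3.10", 5432),  # dev api -> prod db: same role, wrong env
    ("10.0.9.5", "10.0.3.10", 5432),   # address with no inventory identity at all
    ("10.0.4.1", "10.0.3.10", 9100),   # monitoring scrape, allowed to any workload on 9100
    ("10.0.2.11", "10.0.3.10", 5432),  # right labels, but the workload failed posture checks
]


def evaluate_flows(flows=FLOWS, inventory=INVENTORY, policy=POLICY):
    return [evaluate(s, d, p, inventory, policy) for s, d, p in flows]


def verdicts(flows=FLOWS, inventory=INVENTORY, policy=POLICY):
    return [v for v, _ in evaluate_flows(flows, inventory, policy)]


if __name__ == "__main__":
    for (s, d, p), (verdict, why) in zip(FLOWS, evaluate_flows()):
        print(f"{s:>10} -> {d:<10}:{p:<5} {verdict:5} ({why})")
```

Two properties are worth checking against this model. First, the gate is identity, not topology: the web host and the database are both on the network, but the web host cannot reach port 5432 because no rule grants its labels that path. Second, re-addressing a workload changes nothing, because the rule never mentioned its address; moving api-prod-1 to a new IP and updating the inventory keeps the web-to-api flow allowed, while the old address, now bound to nothing, is denied. Real enforcement also has to handle the inventory itself as a trust boundary: whoever can relabel a workload can rewrite the policy for it.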
Looking ahead
While user identity should remain a central part of any security strategy, devices, applications and network connections represent the next frontier of risk. These non-user entities must be brought into the fold of security strategies so that they do not become the overlooked vulnerabilities that attackers love to exploit.
By embracing an expansive view of identity, organisations can move beyond reactive security measures and build more proactive, resilient defence strategies. Integrating identity into every layer of the network, supported by zero-trust principles and segmentation, empowers security teams to maintain control even in a dynamic threat landscape.
By Raghu Nandakumara
Raghu Nandakumara is head of industry solutions at Illumio. He is responsible for helping customers across a variety of industries build resilience and accelerate zero-trust outcomes with zero-trust segmentation. Previously, he spent 15 years at Citibank, where he held a number of network security operations and engineering roles. Most recently, he served as a senior VP responsible for defining the strategy, engineering and delivery of solutions to secure Citi’s private, public and hybrid cloud environments.