EN TE RP RISE
SPONSORED REPORT
  OUTL K
  Identity and Access Management Boost Cybersecurity with
Identity as a Service
Identity and access management is critical to the success of government
Pdigital initiatives.
eople are always the
weakest link in security, but the stakes are higher now because of the massive amounts
of sensitive information accessible online and the determination of cyberattackers. The standard username/password approach is no longer enough. Passwords are easy to breach, and when people use the same one for multiple accounts, a successful hack of passwords in the commercial sector can spill over into government agencies.
O ce of Personnel Management’s (OPM) network and steal sensitive personal information of more than 20 million Americans in 2015. The attack was aided by the fact that the agency didn’t use two-factor authentication for workers who accessed the system remotely.
In a recent IDG survey sponsored by Okta, only 30 percent of IT and security leaders said they had a good or better ability to detect when passwords have been compromised. The situation is further complicated by the growing use of cloud-based
strong authentication and restricting what a user can access based on his or her role.
A key challenge is the government’s traditional inability to quickly make use of new technologies. Fortunately, cloud-based identity solutions are helping agencies deploy new security tools and authentication options
as soon as they become available. “The cloud-based model is prevailing because of the ease of deployment for administrators—and the ease of use for employees,” says Eric Karlinsky, director of technical marketing at
Okta.
A central tenet of strong IAM is
multi-factor authentication (MFA), which thwarts credential-based attacks by combining two or more factors from the list of something users know (such as a password), something they have (such as smart card) and/or something they are (a biometric identi er). MFA is more
secure, but it can cause friction
for users, who might view it as a roadblock to productivity. Adaptive multi-factor authentication can potentially help ease that friction.
“Adaptive MFA allows administrators to avoid prompting the end user for multi-factor authentication if the context of their request is normal for them or if it looks like something that falls within your security constraints,” says Karlinsky. For example, MFA might not be required if a user is logging in from a location the system recognizes, but
In a recent IDG survey sponsored by Okta, only 30 percent of IT and security leaders said they had a good or better ability to detect when passwords have been compromised.
Verizon’s 2017 Data Breach Investigations Report states, “If you are relying on username/e-mail address and password, you are rolling the dice as far as password re-usage from other breaches or malware on your customers’ devices are concerned.” The report also states weak or stolen passwords were involved in 81 percent of all breaches in the past year. Verizon’s 2016 report found that 91 percent of attacks targeted credentials.
Hackers famously gained access to valid user credentials to breach the
applications and services because resources are no longer entirely on premises. And given the explosion
in bring-your-own-device work environments, many security experts are now saying that identity is the new network “perimeter.”
It’s no wonder that 91 percent of those surveyed by IDG said identity management was critical or very important to the success of broader digital initiatives. Some agencies have already begun to think about securing their enterprises beyond username and password. They plan to focus on