You may have heard that identity is the new security perimeter. You might even think that moving to the cloud allows you to leave behind your traditional network security, hoping that your users and assets will be safe as long as you trust no one and authenticate each user. That would be a big mistake, and you will still be at a high level of risk! Whether hosting in the cloud, on-premises, or both, you still need to protect your infrastructure from the threats that can dissolve your identity-based protective measures through identity theft and credential misuse. You must monitor the traditional perimeter, no matter how dispersed, while ensuring strong identity controls at this new virtual perimeter.
Authenticate Your Users Beyond Passwords
You need to authenticate your users more carefully than ever. You also need to monitor their activity after they log in. The recent pandemic increased the number of employees working from home (WFH), which may have led to an increase in employees' personal devices being on your network. More applications are located in the cloud and accessible from your employees' devices, increasing the scope of access available to a potential bad actor. Meanwhile, bad actors are finding it cheaper and simpler to focus on stealing login credentials over other attack methods. In 2019, 37% of breaches used stolen credentials, and 43% involved web applications [1].
Credentials are frequently stolen from user email accounts and endpoints through phishing attacks. Traditional network perimeter defenses can protect email accounts and endpoints by monitoring traffic for phishing and malware. Here are some additional steps you can take in your organization to improve identity security:
- Require strong passwords and force frequent password changes, in case the old passwords were compromised without the user knowing it. To ease frustration for users, consider supporting single sign-on (SSO) and password synchronization.
- Use stronger methods for authenticating users, such as multi-factor authentication (MFA), while keeping in mind that bad actors have been known to bypass MFA. Consider using biometrics, such as the facial recognition or fingerprint sensors that may be available on the user's phone.
- Follow open identity standards to make it easier to manage credentials for a large number of vendors.
- Make sure your security is correctly configured. 22% of breaches in 2019 were caused by errors [1].
- Limit access to only what is absolutely needed by each user. Put in place clear policies for who can take action on specific resources. Monitor your most critical assets even more carefully. Remove access credentials as soon as an employee leaves your organization.
- Continually recheck identity as the user moves around and in and out of your network.
- Keep logs to research attacks, remedy situations, and prove what happened and at what time.
- Train your employees not to click suspicious links, and to question an unknown person entering your office who may appear confident and quietly access your systems without being noticed. Warn employees that bad actors may pose as a coworker or another helpful professional on the phone, with a convincing story designed to obtain the employee's login credentials. 22% of breaches in 2019 included social attacks [1].
Minimize Serious Risks through a Complete Approach to Security
Even if your authentication processes are secure and you are hosted in the cloud, you are at risk if you abandon network security. User authentication is important, but it is only one part of the broader security perimeter. A user's credentials may already have been compromised, allowing a bad actor to log into your system. The bad actor can then act as someone inside your organization with valid credentials. Your identity management system will have no way to tell the difference. Of course, real users also pose the risk of becoming insider threats or can unknowingly leak information. We are already seeing these types of attacks. In 2019, 8% of breaches were caused through misuse by authorized users [1].
The cloud does not automatically protect you from security threats. Cloud providers secure only their own infrastructure, not yours. They may offer security services that are useful for securing your own Virtual Private Cloud (VPC), such as identity management, firewalls, and network access control. However, it is up to you to configure the services. Cloud providers take no responsibility for poor security configurations. Even if you are cloud-based, you must also make sure that vulnerable applications are regularly patched, to reduce opportunities for bad actors to enter your system. Applications in the cloud are just as vulnerable as the same applications in a data center.
Implement Pre-Breach and Post-Breach Tools for Full Security Coverage
When considering a security solution, make sure your tools can handle all the risks. Like all organizations, you want to prevent your data or your customers' data from being stolen or revealed in an unauthorized manner. For full protection, you need the best of the available pre-breach and post-breach security tools. Tools that excel at early pre-breach detection will:
- Watch incoming traffic for malware and alert as soon as a suspicious event comes in. A good tool will learn what is normal for your network and adapt accordingly.
- Monitor email accounts for phishing. 22% of breaches in 2019 involved phishing [1].
- Find newly discovered threats that are not yet widely known, including fileless malware (the most advanced security tools).
Tools that are excellent at identifying post-breach attacks will:
- Sift through your logs to see if something suspicious has entered your system.
- Alert on unusual account activity, such as repeated login attempts, logins at unusual times or from unusual locations, and traffic spikes. Good tools will be aware of all currently known techniques used by bad actors and monitor your system for these.
- Track users and hosts even as they come and go from your network (the most advanced tools).
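As an added illustration, not code from the original article or from any product it describes, the following Python detector runs the post-breach checks in the list above over constructed authentication events: it flags a burst of failed logins, a successful login at an hour or from a country outside the user's baseline, and a success that immediately follows a burst of failures. The BASELINE table, the log line format, and the thresholds are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed baseline per user: usual login hours (0-23) and countries seen before.
BASELINE = {
    "alice": {"hours": set(range(8, 19)), "countries": {"US"}},
    "bob": {"hours": set(range(7, 18)), "countries": {"US", "CA"}},
}

# Constructed sample log, one event per line: "<ISO timestamp> <user> <SUCCESS|FAIL> <country>".
SAMPLE_LOG = """\
2020-06-01T09:12:00 alice SUCCESS US
2020-06-01T23:40:05 bob FAIL US
2020-06-01T23:40:09 bob FAIL US
2020-06-01T23:40:13 bob FAIL US
2020-06-01T23:40:18 bob FAIL US
2020-06-01T23:40:22 bob FAIL US
2020-06-01T23:41:02 bob SUCCESS RU
2020-06-02T10:05:00 alice SUCCESS US
"""

FAIL_THRESHOLD = 5                  # failures within FAIL_WINDOW that raise an alert
FAIL_WINDOW = timedelta(minutes=5)  # assumed sliding window for "repeated login attempts"


def detect(log_text):
    """Return a list of (user, reason, timestamp) alerts found in log_text."""
    alerts = []
    recent_fails = defaultdict(deque)  # user -> timestamps of failures still in the window
    for line in log_text.splitlines():
        ts_text, user, result, country = line.split()
        ts = datetime.fromisoformat(ts_text)
        fails = recent_fails[user]
        while fails and ts - fails[0] > FAIL_WINDOW:  # expire failures outside the window
            fails.popleft()
        if result == "FAIL":
            fails.append(ts)
            if len(fails) == FAIL_THRESHOLD:  # alert once, when the burst reaches the threshold
                alerts.append((user, "repeated failed logins", ts))
            continue
        # Successful login: compare with this user's baseline (unknown user -> empty baseline).
        base = BASELINE.get(user, {"hours": set(), "countries": set()})
        if ts.hour not in base["hours"]:
            alerts.append((user, "login at unusual hour", ts))
        if country not in base["countries"]:
            alerts.append((user, "login from unusual country " + country, ts))
        if len(fails) >= FAIL_THRESHOLD:  # success right after a burst of failures
            alerts.append((user, "success after repeated failures", ts))
    return alerts
```

Running detect(SAMPLE_LOG) yields four alerts, all for bob: the fifth failure at 23:40:22 and then the success at 23:41:02, which is outside his hours, from a country he has never used, and immediately after the burst.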
Identity authentication is just one layer of your security concerns. External and internal bad actors can cross this threshold and put your assets at serious risk. Cloud providers expect you to secure your own data and applications, which are just as vulnerable in the cloud as they are in a data center. Choose security solutions that monitor your entire perimeter and cover all of your risk areas.
[1] Verizon 2020 DBIR (https://www.verizon.com/about/news/verizon-2020-data-breach-investigations-report)