Hosted by the Identity Defined Security Alliance (IDSA) in conjunction with the National Cybersecurity Alliance (NCA), Identity Management Day is an annual campaign aimed at educating business leaders and the public on the importance of locking down login credentials and protecting private data online.
It’s a timely topic year-round: According to research from the IDSA, more than 8 in 10 organizations have “suffered an identity-related breach,” and 78% of those businesses saw their bottom line impacted. Preventing incidents like these requires thoughtful decision-making and purposeful efforts to prioritize data security in work and in life—and that starts with educating consumers and business leaders through initiatives like Identity Management Day.
Now in its third year, Identity Management Day 2023 will be recognized on Tuesday, April 11. As the big day approaches, we asked our experts to weigh in on five questions frequently asked by business leaders who recognize why identity management is so critical and are eager to turn their words into actions.
Here’s what our experts had to say:
How has identity management changed over the years, and what is one way we can better protect ourselves online?
“During my time auditing identity management processes, I’ve noticed an increase in character minimums. For example, passwords that used to require eight characters now ask for 12 or more. With the growth in compromised accounts and sophisticated ways to breach and/or impersonate a user, longer, more complex passwords that are harder to guess and the use of multi-factor authentication (MFA) is the best way to keep ourselves protected online. I highly recommend clients enable longer character minimums, complexity requirements, and MFA where possible.” —Gustavo Almanza, Senior, Attest Services
What are some best practices for organizations working toward a strong identity management practice?
“Build identity management best practices into your onboarding process. Have predetermined access based on roles, and require managerial approval for any access above that. Schedule regular access reviews to confirm that all access is in line with user roles and needs. Even if you do not have all the resources to purchase a streamlined solution, consistent documentation and review will go a long way to improve your overall identity management.” —Sarah Varnell, Senior, Attest Services
What are some pieces of advice that you give to clients when talking to them about identity management?
“The biggest piece of advice I give to clients would be to implement role-based access. These controls allow companies to align access and privileges based on their individual roles, in turn, providing a more streamlined and secure process to ensure there are no individuals with inappropriate access rights. I also often suggest clients use MFA and proper authorization process for adding, changing, or removing user rights.” —Teddy VanGalen, Senior, Cybersecurity Consulting
What is the biggest challenge you’ve seen clients face related to identity management, and what advice would you give them?
“Many of our clients are tech startups and may not have considered a federated identity management tool, so they go through a very manual process to provision and deprovision access across multiple systems in their environment. My advice to them would be to look into identity management tools to help automate the access provisioning, review, and deprovisioning processes. These tools help mitigate the risk of manual oversights, such as over-privileged or unnecessary accounts, as well as terminated users maintaining access to critical system components. Identity management tools give our clients peace of mind that access is appropriately managed.” —Whitney Perez, Director, Attest Services
What is one way businesses can better protect their identity online?
“A great way to protect your company’s identity is to automate the process of creating, updating, and deleting user accounts in systems and applications. Because a lot of organizations are often decentralized, many applications and systems can become forgotten and do not necessarily follow the appropriate provisioning and deprovisioning processes. This could lead to unauthorized individuals having inappropriate access to systems, applications, and data.” —Cody Hewell, Manager, Attest Services
* * *
In addition to providing a number of free resources to help consumers and IT decision-makers understand their roles in keeping credentials and data secure, the IDSA has also teamed up with the NCA to host a free, full-day virtual conference to raise awareness and inspire action on identity management best practices.