April 12 marks Identity Management Day, hosted by the Identity Defined Security Alliance (IDSA) and the National Cybersecurity Alliance (NCA). The day is dedicated to raising awareness and inspiring individuals to take action to safely manage their digital identities.
As an Identity Management Champion, BARR Advisory proudly supports this cause and is committed to improving online security for personal data.
As we continue to move deeper into the digital space, there’s a growing need to be aware of how our information could be compromised. The IDSA reports 79% of organizations have experienced an identity-related security breach in the last two years, and 97% of organizations will make identity security investments in the next two years.
These statistics serve as an important reminder to take preventative steps toward data security. We’ve asked a few BARR associates how they educate clients on best practices for identity management, and here’s what they had to say.
How has identity management changed over the years, and what is one way we can better protect ourselves online?
“During my time auditing identity management processes, I’ve noticed an increase in character minimums. For example, passwords that used to require eight characters now ask for 12 or more. With the growth in compromised accounts and sophisticated ways to breach and/or impersonate a user, longer, more complex passwords that are harder to guess and the use of multi-factor authentication (MFA) are the best way to keep ourselves protected online. I highly recommend clients enable longer character minimums, complexity requirements, and MFA where possible.”
—Gustavo Almanza, senior consultant, Cyber Risk Advisory
What are some best practices for organizations working toward a strong identity management practice?
“Build identity management best practices into your onboarding process. Have predetermined access based on roles, and require managerial approval for any access above that. Schedule regular access reviews to confirm that all access is in line with user roles and needs. Even if you do not have all the resources to purchase a streamlined solution, consistent documentation and review will go a long way to improve your overall identity management.”
—Sarah Varnell, senior consultant, HITRUST
What are some pieces of advice that you give to clients when talking to them about identity management?
“The biggest piece of advice I give to clients would be to implement role-based access. These controls allow companies to align access and privileges based on their individual roles, in turn, providing a more streamlined and secure process to ensure there are no individuals with inappropriate access rights. I also often suggest clients use MFA and a proper authorization process for adding, changing, or removing user rights.”
—Teddy VanGalen, senior consultant, CISO Advisory
Contact us at BARR for information on how we can best help with your identity management practice.