Zero Trust: Firewalls and passwords are no longer relevant


Three theses for the future of Identity & Access Management. Zero Trust makes firewalls and passwords irrelevant. Multi-factor authentication is also a must for access.

Given the tense security situation, the protection of sensitive company networks and critical infrastructures is increasingly in focus, and the cyber security concepts currently in use are often put to the test. It is becoming increasingly clear that classic firewall concepts alone can no longer offer sufficient resistance to hybrid attack patterns. Modern, centrally organized identity and access management is of particular importance. In this context, becom puts forward three essential theses:

Thesis 1: multi-factor authentication

Many companies and government agencies feel a false sense of security because they have implemented multi-factor authentication (MFA) methods. However, not all of these technologies offer sufficient protection against online attacks. For example, one-time passwords (OTP) via smartphone app or logins via SMS or voice call are no longer phishing-proof by today's standards. By contrast, MFA procedures based on standards such as WebAuthn or FIDO2 in connection with hardware-based security tokens or smart cards are recommended.

Thesis 2: The era of passwords is coming to an end

In the context of modern identity and access management, passwords have lost their former role and usually do not offer any added value that goes beyond a perceived gain in security. Ideally, passwords can be completely dispensed with. If this is not possible or desired, then – contrary to intuition – complex password rules or the obligation to change the password regularly should be avoided. The reason: It has now been shown that regulations of this type often have the opposite effect in practice and tend to lead to less secure passwords and processes.

Thesis 3: Only grant as much access as is absolutely necessary

Role-based access control is usually based on relatively static and predefined roles. This almost inevitably means that employees also have unrestricted, standing access to resources that they need repeatedly, but only relatively rarely. It is therefore advisable to use significantly more dynamic and fine-grained access authorizations wherever possible. Ideally, users only have access to a specific resource for the period in which this access is actually needed.
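The difference between a standing role and time-boxed access, as an added example that is not becom's code: a static role lookup beside a default-deny authorizer whose grants carry a start, an expiry and a justification. The user and resource names, the 8-hour ceiling and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Static RBAC for comparison: the entitlement never lapses on its own.
STATIC_ROLES = {"alice": {("payroll-db", "read")}}   # constructed sample data

def rbac_allowed(user, resource, action):
    return (resource, action) in STATIC_ROLES.get(user, set())

@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    action: str
    not_before: datetime
    expires: datetime
    reason: str

class JitAuthorizer:
    MAX_DURATION = timedelta(hours=8)    # assumed policy ceiling for one grant

    def __init__(self):
        self.grants = []

    def request(self, user, resource, action, start, duration, reason):
        if not reason.strip():
            raise ValueError("a justification is required")
        if not timedelta(0) < duration <= self.MAX_DURATION:
            raise ValueError("duration outside policy")
        grant = Grant(user, resource, action, start, start + duration, reason)
        self.grants.append(grant)
        return grant

    def is_allowed(self, user, resource, action, now):
        # Default deny: access exists only inside an unexpired, exactly matching grant.
        return any(
            (g.user, g.resource, g.action) == (user, resource, action)
            and g.not_before <= now < g.expires
            for g in self.grants
        )

    def purge_expired(self, now):
        expired = [g for g in self.grants if g.expires <= now]
        self.grants = [g for g in self.grants if g.expires > now]
        return expired                   # hand these to the audit log
```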

“Ultimately, zero trust means a clear paradigm shift. The previously used concept of a supposedly secure internal network, which is protected against threats from the Internet by a firewall, no longer offers sufficient security against modern attack techniques. The basis for a Zero Trust concept, on the other hand, is to regard the internal network as fundamentally insecure and compromised. A logical and clear consequence of this is to move from a user login at the network level to a login or authentication at the application level. The growing number of reports of cyber attacks being carried out more and more professionally by a wide variety of actors shows how important and also time-critical the implementation of such a network security architecture is,” says Ralf Becker, Managing Director of becom Systemhaus GmbH & Co. KG.

More at becom.net

 


About becom system house

becom is one of the leading IT system houses in Central Hesse and is also one of the largest internet providers in the region in the business segment. The company, which was founded in 1988, is a network specialist offering solutions for all aspects of topics such as Internet connection, site networking, IT security, VPN and cloud computing. Since 2017, becom has mainly been involved in the planning and implementation of SD-WAN infrastructures (Software-Defined WAN). The system house is based in Wetzlar and looks after companies, authorities and organizations in the entire German-speaking area.


 
