Never in human history have we been so connected. Everything to do with our day-to-day lives is online, whether it is e-mail, social media profiles, retail preferences, finances, taxes or gaming. The age of the virtual profile is here, and we are, in essence, living the virtual life.
Over the last decade, many companies achieved success in building innovative systems and services to support our online lives. To address our security concerns, they put in place firewalls, virtual perimeters and other security measures that would ensure a basic and simplistic identity rule was met - keep the "good guys" in and the "bad guys" out.
The recent increase in high-profile cyber attacks has shown that these basic security perimeters have been breached, often exposing our personal data and business assets.
This simplistic security model no longer makes sense in today’s evolved threat landscape. With the right tools, an individual with malicious intentions, but the right techniques, could easily pass themselves off as a legitimate user. As a result, some network security perimeters will fail to differentiate whether a transaction is authentic or not.
At the heart of solving this problem lies identity management (IM), which can bring a more sophisticated trust process for businesses and individuals alike. IM solutions exist to profile digital interactions and capture other characteristics. They might seek answers to questions such as where the interaction originated. Did it require a device like a mobile phone or a computer? If so, when was it used? Are there multiple identification factors that can be considered, for example, a physical or software token, or biometric?
By understanding more detailed and specific patterns such as these, IM specialists can develop a clearer picture about network security and then implement robust and more advanced trust rules.
Moreover, IM solutions can be used to fight the battle against the ever-present risk of advanced persistent threats (APTs). When faced with an APT, it will be key to triage quickly and efficiently to determine the damage and isolate it. This requires understanding of affected identities, devices, controls and data through integration of identity management with data loss prevention, governance, risk and compliance and security information and event management, along with other forms of threat intelligence.
But, how realistic is all this? All companies have limited resources and budgets, so how can businesses reasonably defend against the cyber threat?
The first and most crucial step is understanding where likely "enemies" may exist, and then put in security measures that will counter-act potential attacks. Next, organisations should look to build information about these threats and implement techniques to actively monitor security systems. Finally, businesses should analyse areas of potential vulnerabilities and seek to prioritise improvement of systems and services.
Throughout all of this, IM can be used to bring depth to this process because it can help to identify where high-risk users and critical business assets lie. It can allow organisations to selectively deny access to users or devices, and provide identity-centric forensic audit trails. In addition, real-time profiling and access policy management can add yet another effective protection against potential hacks or cyber threats.
Ultimately, businesses should not become complacent about cyber security - it’s no longer a case of if a cyber attack will happen, but where is it happening. While there are many tools and processes available, such as IM, they should not be used in isolation. Instead, a strong offence should include IM in combination with strong business processes, robust security and controls, enterprise resource planning, change management and relevant technology and software. Only then can organisations truly stay one step ahead of today’s cyber criminals.
Ian McCaw is enterprise risk services partner at Deloitte, the business advisory firm.
This was first published in February 2012