alphaspirit - Fotolia

Australian organisations need to catch up in identity and access management

Australian organisations are lagging behind in terms of identity management, which is not lost on Deloitte as the company expands its Australia-focused resources in this area

Australian enterprises are lagging behind the world in securing and managing user identities, leaving them vulnerable to attack as almost half of all cyber breaches are caused by weak or stolen credentials.

Trey Gannon, the Australian lead for Deloitte’s identity and access management team, recently moved to Australia from the US. Gannon said he believed the continued lack of mandated data breach notifications in Australia was one reason why the nation “is a step behind in identity and access management”.

Citing recent Verizon research, which defined user credentials as “the keys to the digital kingdom”, Deloitte is growing its capability in Australia. The advisory firm is set to bring on board a team of 22 identity specialists – who previously made up Qubit Consulting – from October 2015, swelling Gannon’s team to a total of 60 locally based identity and access management specialists.

According to Gannon, although Australia is currently lagging, there is the opportunity to leapfrog other countries by learning from their successes and failures with identity management. He said this was critical for those companies that want to harness technology to digitally disrupt themselves by offering flexibility to employees to work remotely from any device, and to launch a raft of services to customers which rely on being able to properly identify and authenticate them.

“Identity and access management is becoming the foundation to enable digital transformation,” said Gannon.

Granular identity and access management systems that identify users, their location, what context they are operating in, what device they are using and determine what access rights are appropriate are increasingly critical, he said.

However, technology alone won’t crack the nut. Education programmes will be needed to remind users to properly protect their identities and credentials.

A recent survey of US IT managers conducted by identity security specialist Centrify found 59% had shared their credentials with employees, and 52% with contractors – essentially handing over the keys to the kingdom.

While Centrify has not asked whether Australian IT managers have shared their credentials, it did survey attendees at an AusCERT conference earlier in 2015 about systems breaches, and found 46% said they had experienced an attempted breach in the previous week, highlighting the extent of the problem.

According to Centrify’s senior director for sales in Asia-Pacific, Niall King, cloud computing and mobile access are creating security headaches for IT where “identity is the new perimeter”.

“The challenge is that today’s corporate perimeter has nothing to do with physical headquarters. As employees reach for the cloud or their mobiles to get their jobs done, it opens up greater security vulnerabilities. As a result, there is a greater need than ever for unified identity security across multiple devices and platforms,” said King.

This is music to the ears of Infoblox, a company that focuses on security systems to protect internet domains and IP addresses, and which recently unveiled its identity mapping system in Australia. This links network security systems with user identities managed through Microsoft Active Directory logs, which tie user identity to an IP address.

This more granular representation of identity allows IT managers much better identity insights, such as revealing who had access to a particular IP address at a particular time, creating rich audit trails and insight, for example.

Read more about IT security in Australia

Read more on Data breach incident management and recovery