
CISA, NSA Issue Guidance for IAM Administrators

This week, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) released new guidance for identity and access management (IAM) administrators. IAM is a framework for managing digital identities, covering the business processes, policies, and technologies that govern which users can access which data.

The guidance provides recommendations on how to mitigate threats from actors who create new accounts, take over accounts of former employees, exploit vulnerabilities, create alternative access points, exploit users, and compromise passwords. It also provides best practices for identity governance, environmental hardening, identity federation and single sign-on (SSO), multi-factor authentication (MFA), and IAM monitoring and auditing.

Organizations have a particular responsibility to implement and maintain secure IAM solutions and processes to protect their own information and the organizations and individuals with whom they interact, according to the guidance. Securing IAM infrastructure is critical, as it can prevent vulnerability exploitation that could lead to the compromise of multiple systems and data.

Verizon’s 2022 Data Breach Investigations Report shows that stolen credentials have been used in most web application attacks and in nearly half of reported data breaches. CISA and NSA point out that IAM solutions should be managed, patched, and updated like any other software to prevent exploitation.

Organizations need to proactively take the appropriate action to protect against an attack rather than deploy IAM capabilities far too late. To this end, recommended best practices include the hardening of on-site and cloud-hosted IAM systems, network hardening, the implementation of least privilege principles and network segmentation, the assessment of network security, the management and security of critical IAM assets, the internal management of identities, and MFA implementation.

Key points:
• The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) announced new guidance for identity and access management (IAM) administrators this week.
• The guidance provides recommendations on how to mitigate threats from actors who create new accounts, take over accounts of former employees, exploit vulnerabilities, create alternative access points, exploit users, and compromise passwords.
• Organizations have a particular responsibility to implement and maintain secure IAM solutions and processes to protect their own information and the organizations and individuals with whom they interact.
• Organizations need to proactively take the appropriate action to protect against an attack rather than deploy IAM capabilities far too late.
• Recommended best practices include the hardening of on-site and cloud-hosted IAM systems, network hardening, the implementation of least privilege principles and network segmentation, the assessment of network security, the management and security of critical IAM assets, the internal management of identities, and MFA implementation.
