B Swaminathan
For the Indian channel community, over the last two years, the major shift to remote and hybrid working has solidified Identity’s position at the center of a strong cyber security strategy. While the conventional IT security perimeter no longer exists, with many applications and services are slowly now hosted in the cloud being accessed by a variety of identities in the office, at home, on the road or a combination of all of these.
India lacks a pool of skilled professionals in the cyber security space. Information security professionals are in short supply and most organizations find it difficult to hire and retain talent with the right experience and skills. Threats are now constantly evolving and even the top professionals struggle to stay up to date especially when they are constantly fighting security incidents on a daily basis.
Ensuring secure access to these new cloud-based and legacy on-premise applications requires a transformation of how organizations deploy their Identity Governance and IAM initiatives. These trends, combined with the emergence of Zero Trust and Identity-as-the-new-Perimeter strategies, has really ended the old way of trusted users inside the corporate perimeter and confirmed Identity as the ultimate control plane.
According to Prashanth Subramanian, Co-Founder & Director, Quadrasystems.net, “Identity is central to cybersecurity and is the foundation of the zero-trust model. Most cyber attacks have their origin in privilege abuse, which underscores the importance of a strong, centralized identity and access management solution. With an increasing number of applications that reside across on-premises and cloud environments, most organizations find it difficult to manage identity and access.” He also says in addition to this, the need to work with customers, business partners and vendors – the overhead can increase exponentially. Fragmented approaches result in potential vulnerabilities, while increasing complexity and detracting from the end user experience.
Amarnath Heads the InfoSec practice in 22By7 says , “The growing adoption of SAAS, IAAS, and Work from anywhere & any device, have increased the complexity to safeguard Digital identities which resulted in increasing the attack surface. Credential theft from phishing is often the first stage of the cyber kill chain. Most of the breaches happened by using stolen and/or weak passwords.”
Organisations are facing challenges to accurately analyse the overall security to determine the identities that are susceptible and the problematic privileges. Enterprises are thriving to adopt a Zero Trust-based approach, in which data and identity serve as new basics to be protected. It’s getting difficult to maintain equilibrium between identity security and ease of use.
The purpose of identity protection is to ensure the right person access the right resources. When you look at the evolution of identity protection it started with password protection for our various computer resources we access right from logging in to our system , network shares, websites , applications & apps. As we understand that the basic authentication mechanism to validate the identity is just not good enough to combat the current day cyberthreat landscape we are witnessing exclusive identity management solutions adoption is increasing .
According to Anand V of Raksha Technologies, “The purpose for an organisation to have an identity management system is to enhance security and productivity. The common use cases of why customers like to have identity management is to strengthen security by using Multi Factor Authentication Solutions to ensure ‘you are you’ and not being impersonated by any threat actor.
The second common use case is to enhance productivity by having SSO in place and help users to access various different applications from a single portal . This overcomes users the fatigue of remembering various different passwords . The economy behind the cyber-attacks is majorly due to Identity compromise / account compromise which is ever-increasing and a report says in the US that Nearly $700 million spent on ransomware payments in 2020 alone and is increasing YOY.
Top concerns:
For the Indian resellers, especially those who are dealing in cysecurity, these are the top challenges in terms of identity and access:
Authentication of remote employees or external users
How do we securely provision, manage and authenticate this access in a frictionless way
Tackling the privileged access among various users
How do we interrogate and use what we know about user devices and context to help us make access decisions?
How to make the devices in a better way to be managed and secured
Governing access to sensitive resources on the basis of risk, roles and enabling audits.dentity and Access management solutions are mature, rich with features and offer a broadened scope that overlaps with many adjacent areas.
“Implementing Identity solutions needs a lot of understanding of the existing systems and procedures. We, as a Partner, consider this as an opportunity to help our clients to secure their digital identities by suggesting/implementing the right solution.”, Amarnath notifies who also says the need for a separate practice team to address the Identity market. Generating good amount of Professional Services business.
Opportunities in the space:
The most effective way to empower security teams and get the most benefit from limited resources is to adopt best-in- class technology with built-in automation and AI. The technology has to work with your teams and not against them. If mismatched tools make it difficult to automate processes and if your systems do not work together seamlessly it becomes difficult to analyze events or ensure the right balance between appropriate security and a frictionless user experience. “Thales, SailPoint, BeyondTrust and BlackBerry together offer best-of- breed standalone solutions that provide key components of a modern Zero Trust enterprise identity program. With seamless integration between their platforms you can now quickly and easily assemble the solution you need to solve today’s information security challenges”, says Mohan Kumar TL, Director, Netpoleon India.
When it comes to identity access management (IAM), the matured enterprises have some kind of solution for this and there is a big scope for IAM Products. “IAM ranks 4th in the list of cybersecurity budgets. Around 9% of cybersecurity spend. 38% of enterprise cybersecurity spend is for the services, 14% for Infrastructure protection ,16% on network security equipment and 9% on IAM. Since there is a huge business potential we have a dedicated team to address this line of business. This team should have a fair knowledge on applications , infrastructure and dedicated focus.” concluded Anand.
THIS ARTICLE IS POWERED BY
