If you miss the days when all you had to do to protect your organization’s critical resources was secure one point of access, who can blame you? It was certainly an easier time, but not a better one, when you think of all the opportunities that today’s far more complex and constantly changing access landscape has opened up. Your challenge now is to find effective ways to secure access to critical resources, so that you can pursue new opportunities with confidence.
There are five areas where changes in the access landscape have a profound impact on secure access to resources. Let’s take a look at the challenges posed by each, and explore how you can transform secure access in these areas to prepare your organization to protect critical resources as you pursue new opportunities.
1. Virtual Private Networks
The challenge of securing the virtual private network (VPN) has grown dramatically as user populations have grown and changed—and as they continue to grow and change. Today’s VPN is no longer limited to full-time, fully-vetted employees. It’s now essential for contractors, vendors, customers, partners, audit teams, and others who need ready access to a variety of resources in order to work productively with your organization.
Dealing with such a diverse and dynamic set of users, many of whom are external to the organization, heightens access risk. After all, how can you know whether users requesting VPN access really are who they claim to be? And how can you find out without imposing an unnecessary burden on legitimate users to prove their identities? Given that the VPN provides entry into the heart of your organization, these are critical questions.
2. Cloud Applications
From Microsoft Office 365 to Salesforce, the applications your organization relies on most today are likely to be in the cloud. And the more cloud applications you rely on, the more challenging it becomes to securely manage access to them. For one thing, many cloud applications still rely on the old username/password combination to manage access, which can be easy for an attacker to get past, putting all your critical data in those applications at risk.
Relying on passwords can also create problems beyond security, particularly because users are likely to be juggling multiple applications, all on different cloud platforms, and each with its own access policies. Having to deal with different tools and rules for different cloud service providers is a pain for users and a management burden for IT. If the organization also has a separate approach to secure access for on-premises resources, the situation becomes all the more difficult for everyone involved and, ultimately, unsustainable.
3. Privileged Accounts
Privileged users have one thing hackers want more than anything else: a single account that’s likely to provide access to all of the organization’s most critical assets. Hackers know that if they can find their way in through a privileged account, they can get their hands on just about everything of value. That’s why these powerful accounts pose such a huge threat to the security of the entire organization.
What’s worse is that privileged users, because of their high status in the organization, are likely to have both the most privilege and the least accountability—making their accounts more likely to be abused. When someone requests access through a privileged account, the inability to know with certainty that they’re who they say they are becomes that much more of an issue. The stakes are just too high.
4. Legacy Applications
The longer your organization has been around, the more likely it’s still relying, at least to some degree, on legacy applications or custom applications that pre-date the digital era. There’s nothing wrong with that; if they’re still getting the job done, or if the investment in them is significant, there’s no real reason to make a dramatic change.
Unfortunately, though, these applications likely put severe limits on how effectively you can secure access to them. For one thing, they don’t usually support the standard authentication protocols (such as SAML or RADIUS) typically used to add more robust authentication capabilities.
5. Digital Workspaces
Digital workspaces can be a lifesaver for organizations struggling to provide users with access to applications that are both on-premises and in the cloud, via access points ranging from office desktops and laptops to personal mobile devices. These workspaces create a more convenient way for users to gain access to multiple resources and an easier way for IT to secure them.
Regardless of how much simpler digital workspaces make it to deliver applications and data across devices and manage them in a unified way, they still can’t tell you whether someone who’s logging in is who they claim to be. That’s their point of vulnerability, and the point at which transforming secure access is essential to securing resources.
The Case for Multi-Factor Authentication
In all the areas we’ve touched on here, you must look at how to transform secure access in a fundamental way to take on today’s access challenges. Making multi-factor authentication (MFA) central to the way you control and manage access to resources in these areas addresses virtually all the challenges. It can provide the assurance that users who want access really are who they claim to be, whether that’s a privileged user or a short-term contractor. It also offers a means of authenticating users to applications whether those applications are in the cloud, in digital workspaces or on-premises in the form of legacy or custom applications.
Moreover, a multi-factor authentication solution employing behavioral analytics and other contextual information to determine the degree of risk can avoid imposing additional authentication except when the degree of risk warrants it. When users are challenged to authenticate only when it seems possible or likely that the request isn’t legitimate, you avoid inconveniencing users who don’t pose a significant risk—while at the same time, challenging those who do.
To learn more about transforming secure access in the five key areas discussed here, sign up for the RSA five-webinar series Access Transformation in Action, starting May 30. Watch this space for future posts exploring each of the five areas in depth.
Author: Cameron Foley