Where the perimeter, network, and application security approaches focus on objects and/or media, the identity-based approach, otherwise known as the user-centric security approach, focuses on the subject: the accessor. The accessor (user or identity) is regulated in terms of which resources (applications, systems, and data) can be accessed, based on their role, region or working group (entitlement), regulation or company policy (business policy), the risk owner’s level of risk, and ownership of IT resources (apps/data ownership). Aside from that, you may also want to check out the recommended multi-factor authentication as well as LogMeOnce.
Once identities are regulated and managed, we gain visibility into the following information:
Do you know where your sensitive data and applications are?
Do you know who has access to them, and what that access is?
Are they eligible (according to company policy) for such access?
Are those access rights correct?
Do you know what they do with that access?
Can you prove it?
Answering these six basic questions is a security approach that often escapes IT security policies and initiatives. Yet a “YES” answer to all six questions will cover at least 81% of the internal opportunities for a breach (according to Verizon) through the regulation and governance of identity. Because identity is the target of many cyber attacks, efforts to improve security must focus on protecting that identity, and that starts with the regulation and governance of identity.
How many companies do not experience the following:
Increased performance, so that the company has to add a number of employees.
Restructuring, so that it must transfer a number of employees.
Optimization, so that it must rationalize a number of employees.
Increased diversification, so that it must acquire a number of employees or companies.
Fulfilling aspirations, so that it must serve customers accessing the company’s system.
Added collaboration, so that it has to interact with other companies’ systems.
If the company has experienced any one of the six conditions above, the identities in your company will always undergo rapid and drastic change. Without proper regulation and management, these identity changes are likely to be the main opening for cyber attacks, which often start with stolen credentials that do not meet applicable company policies.
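The six questions and the identity changes described above can be checked mechanically in an access review. The following Python access review is an added example, not part of the original article; all user names, roles, resources and the policy format are constructed assumptions. It covers questions 1 to 4 and 6 for sensitive resources; question 5 needs activity logs and is not covered.

```python
# Constructed sample data: every name, role and resource here is hypothetical.
SENSITIVE = {"payroll-db", "customer-crm"}             # Q1: where sensitive data lives
POLICY = {                                             # Q3: role -> {resource: highest level allowed}
    "hr-analyst": {"payroll-db": "read"},
    "sales-rep": {"customer-crm": "write"},
}
IDENTITIES = {                                         # authoritative HR records
    "alice": {"role": "hr-analyst", "active": True},
    "bob": {"role": "sales-rep", "active": True},      # transferred from HR to sales
    "carol": {"role": "hr-analyst", "active": False},  # left the company
}
GRANTS = [                                             # Q2: who has access, and what access
    ("alice", "payroll-db", "read"),
    ("bob", "payroll-db", "read"),       # left over from the previous role
    ("bob", "customer-crm", "write"),
    ("carol", "payroll-db", "write"),    # account never deprovisioned
    ("dave", "customer-crm", "read"),    # no HR record at all
]
LEVELS = {"read": 1, "write": 2}

def review_access(identities, policy, grants, sensitive):
    """Return one finding per grant on a sensitive resource that policy does not justify.

    The returned list is the evidence for Q6 ("Can you prove it?").
    """
    findings = []
    for user, resource, level in grants:
        if resource not in sensitive:
            continue
        ident = identities.get(user)
        if ident is None:
            reason = "orphaned: no matching identity record"
        elif not ident["active"]:
            reason = "leaver: identity inactive but access remains"
        else:
            allowed = policy.get(ident["role"], {}).get(resource)
            if allowed is None:                          # Q3: not eligible at all
                reason = f"not eligible: role {ident['role']} has no entitlement"
            elif LEVELS[level] > LEVELS[allowed]:        # Q4: eligible, but too much
                reason = f"excessive: {level} exceeds permitted {allowed}"
            else:
                continue                                 # grant matches policy
        findings.append({"user": user, "resource": resource,
                         "level": level, "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in review_access(IDENTITIES, POLICY, GRANTS, SENSITIVE):
        print(finding)
```
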