Cybersecurity Starts With Access Control

08/03/2019

Humans are often pegged as the weakest link in cybersecurity -- and to a great extent, that’s true. But, Forbes says, this axiom misses the bigger point: the reason it’s true is that most companies do not have effective access control.

While training employees to think like hackers can certainly make your company more resilient to cyberattacks, there is always a risk that someone will be compromised. The surest way to limit your organization’s exposure to such risks is to verify the proper controls are in place at the individual level, governing what people can access, when and how. Companies that haven’t solved for access control are not only putting themselves at risk -- they are also suboptimizing every dollar of their cybersecurity spend. What good is spending a million dollars on a firewall if hackers can slip right past it by pretending to be someone else?

Unfortunately, this is the reality for many companies today, especially legacy organizations making the transition to the cloud. In this new environment, the on-premise model for access control breaks. How do you fix it? Here’s what 15 years of experience in identity and cybersecurity risk management have taught me about access control in an increasingly cloud-native and API-connected world.

In an on-premise world, security was relatively simple because access control was fairly straightforward. When IT systems operate in air-gapped environments, keeping them secure is largely an exercise in knowing who your customers, partners and employees are and then managing physical access to various systems. In other words, it's good old-fashioned locks and keys, along with additional layers of real-world identity verification for people with higher levels of access.