Accessing quality security: a discussion with Joseph Carson

The Delinea executive shares how the firm is helping its customers adopt privileged access management and enable a dynamic security landscape

Amber Hickman


The majority of organisations today are dependent on cloud infrastructure, according to Joseph Carson, chief security scientist and advisory chief information security officer at Delinea.

However, many organisations try to retrofit their existing on-premises security systems to their new cloud environment during the digital transformation process, which can cause a variety of issues.

“It creates a higher risk because the existing security controls don’t typically work well in cloud environments,” says Carson. “They don’t give the same protection and because those organisations are working across a mostly hybrid cloud environment, they provide less visibility, resulting in a scattered security system.”

Many organisations also rely solely on passwords and multi-factor authentication for security, but this can present further risks.

“Employees often reuse passwords across multiple accounts,” explains Carson. “When you’re leaving employees to make these security decisions, you’re leaving your organisation open. Attackers are looking for this initial access and once they gain it, it becomes a free-for-all.”

To combat this, Carson recommends that organisations integrate identity and access management into their cybersecurity stack. This is where Delinea can help.

Delinea provides end-to-end privileged access management (PAM) solutions that focus on authentication and authorisation by making users prove their identity before allowing them access to assets.

“If you’re an administrator and you need to log into a different cloud environment you will have to provide different methods of authentication depending on the type of application you’re accessing,” says Carson. “If it’s a system containing sensitive data, then you might need to do multi-factor authentication, or even have peer verification. This is then maintained for the duration of the session to ensure that your session hasn’t been stolen.

“This is also beneficial for users, as rather than having multiple credentials and passwords for each environment they use, it becomes a single sign-on approach.”

Delinea’s solutions apply the principle of least privilege, which is the foundation of a zero-trust approach.

“The phrase ‘zero trust’ can have negative connotations as people don’t want to hear that they aren’t trusted,” says Carson. “However, we see it as zero-assumption and building trust. We’re assuming that security is not being met, and we’re offering a way that ensures your security solution is able to run in the background and not cause any friction to the user, making sure they can focus on their job.”

Delinea is also able to apply behavioural analytics to PAM. For instance, if an employee typically accesses a system from Monday to Friday but is now requesting access at 2am on a Sunday morning, the application will flag this action as an anomaly.

If they are then unable to satisfy the authorisation process adequately, the organisation can sever the connection to gain additional visibility into the device they are using, their IP address, and more until it is able to confidently validate the request.

“I like to think of it as a digital polygraph test,” says Carson. “The goal here is to move from a static security environment to something dynamic that is always evolving. This allows us to not only protect against current security challenges, but also adapt to future challenges too.”

Delinea works closely with its customers to ensure it provides a security solution tailored to their specific business needs. For example, it helped the US state of Michigan’s Department of Technology, Management and Budget (DTMB) to establish a least-privilege model that complies with federal regulations.

According to Carson, establishing strong cloud security will continue to be important for public sector entities like the DTMB in the future as major elections and conflicts take place across the world and technologies such as artificial intelligence continue to develop.

“Generative AI has been a big buzz for the last year and attackers are beginning to augment their attack campaigns in real time,” says Carson. “This means they are getting real-time feedback and making modifications in the moment.

“We are entering the battle of the AIs and no longer have the time to pause. Security must be dynamic, adapt to future threats before they happen and have zero downtime for upgrades.”

Furthermore, as more organisations adopt hybrid working models, ‘bring your own device’ policies are becoming the norm for employees who use their own laptops in their home office to access corporate resources. According to Carson, this is evolving into ‘bring your own identity’, and Delinea is there to help with the transition.

“Organisations are becoming more responsible for managing the access element of security, and we are at the forefront of helping,” he says. “We’re solving tomorrow’s problems with today’s solutions and that’s something we strive to continue to do.”

This article was originally published in the Spring 2024 issue of Technology Record.
