“When teams implement strategies such as monitoring or access management in a silo, they miss the context that comes from the user’s activity in other systems in the enterprise landscape,” says Kevin Dunne, President, Pathlock in an exclusive interview with ITSecurityWire.
ITSW Bureau: How can enterprises advance their digital movements, such as moving to the cloud while containing insider threats?
Kevin Dunne: Enterprises are facing more pressure than ever to move to the cloud, both due to an increased need for remote access during the pandemic as well as pressure to allocate precious IT resources towards value-added activities.
When moving to the cloud, mainly to SaaS applications, the primary consideration is how to build a robust security strategy when a network is no longer a tool at an enterprise’s disposal. Organizations should shift their focus towards access-based strategies, which can translate to on-premise, private cloud, and public cloud applications and provide a single lens through which teams can assess risk across these various domains.
ITSW Bureau: Why should enterprises break the silos in their security activities?
Kevin Dunne: As enterprises accelerate their cloud adoption, there is a resulting shift towards more best-of-breed application strategies. Historically, teams were built up to secure specific applications, often supporting a particular department (such as Finance, Sales, or Human Resources).
The shift to multiple applications from various vendors means that teams need to work together to implement strategies to support these applications holistically. When teams implement strategies such as monitoring or access management in a silo, they miss the context that comes from the user’s activity in other systems in the enterprise landscape.
ITSW Bureau: How can cybersecurity teams secure their applications and infrastructure with fewer resources and monetary investment at their disposal?
Kevin Dunne: Generally, an increase in the number of applications to be secured would require an increase in tooling and resources to provide the same security level. However, there are some approaches that can reduce spend on resources and tools to maintain adequate security across the enterprise landscape:
- Look for tools that provide multiple features in one package, leveraging a single implementation: typically, this will save money on implementation and software fees vs. deploying a best-of-breed solution across various categories (i.e. IAM, UEBA, SIEM, SOAR, DLP, etc.)
- Target solutions that can work across the enterprise landscape: with the rise of cloud solutions, many solutions can provide coverage across multiple applications by leveraging open APIs. Combining the information in one platform means teams can use fewer resources and have richer data to reduce response time.
- Leverage automation: wherever possible, look for solutions that can combine analysis with automation, so risks can be remediated without any human intervention to focus on the most complex issues.
- Reduce false positives: more noise = more cost, both in terms of software licensing and human resources required to follow up on unnecessary investigations. Teams must focus their efforts on solutions that can provide high-fidelity alerts with less noise.
ITSW Bureau: What steps can enterprises take to effectively manage all aspects of access governance?
Kevin Dunne: Many organizations are focusing their efforts on a zero-trust approach to access governance, which can be achieved through a continuous, 5-step process:
- Analyze existing users, access, and risks: have a clear view of who can access what, and make sure that users aren’t entitled to more privileges than necessary to complete their day-to-day responsibilities.
- Manage access changes and automate entitlement fulfillment: have a repeatable, automated process for granting and revoking privileges and ensuring that a complete view of user risk is assessed at the time of any permission changes.
- Monitor compensating controls: where access risks might be necessary, make sure to put in place controls that can monitor activity and detect when risks are realized through out-of-policy behavior.
- Alert on anomalous activity: take action – through alerting the SIEM, deprovisioning suspicious users, masking sensitive data, and blocking harmful transactions to prevent and de-escalate the most obvious risks.
- Automate the least privilege and loss prevention: constantly monitor what is not being used to prune potential risk and reduce exposure. Allow users to request infrequently used permissions on a temporary, just-in-time basis rather than granting them permanently.
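The five steps above can be run as one continuous loop over an entitlement inventory and an activity log. The following is an added illustration and not Pathlock's code or product; the users, the single toy separation-of-duties rule (nobody should both create a vendor and approve its payment), the usage timestamps and the activity records are all constructed for the example, and the 90-day idle threshold and 4-hour just-in-time window are assumed values.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from any real system): who holds which
# entitlement, a toy separation-of-duties (SoD) policy, and a short log.
USERS = {
    "alice": {"create_vendor", "approve_payment", "view_reports"},
    "bob": {"view_reports"},
    "carol": {"create_vendor", "view_reports"},
}
# Entitlement pairs one person should not hold together (assumed toy rule).
SOD_RULES = [("create_vendor", "approve_payment")]
# Users whose conflict was knowingly accepted, with monitoring as the
# compensating control instead of removing the access.
ACCEPTED_RISKS = {"alice"}

NOW = datetime(2021, 6, 1)
ONE_HOUR = timedelta(hours=1)
# Last time each (user, entitlement) was exercised, derived from the log.
LAST_USED = {
    ("alice", "create_vendor"): NOW - timedelta(days=3),
    ("alice", "approve_payment"): NOW - timedelta(days=2),
    ("alice", "view_reports"): NOW - timedelta(days=120),
    ("bob", "view_reports"): NOW - timedelta(days=1),
    # carol holds create_vendor but has never used it
    ("carol", "view_reports"): NOW - timedelta(days=10),
}
# Transactions as (user, action, object). alice both creates and approves V9.
ACTIVITY = [
    ("alice", "create_vendor", "V9"),
    ("alice", "approve_payment", "V9"),
    ("carol", "create_vendor", "V10"),
    ("alice", "approve_payment", "V10"),
]


def sod_conflicts(entitlements):
    """Step 1: SoD rules that a single entitlement set violates."""
    return [r for r in SOD_RULES if r[0] in entitlements and r[1] in entitlements]


def analyze_users(users):
    """Step 1: map each user to the conflicts in their current access."""
    return {u: sod_conflicts(e) for u, e in users.items() if sod_conflicts(e)}


def grant(users, user, entitlement):
    """Step 2: assess risk at the moment of the change, not afterwards.
    Returns (granted, conflicts). A grant that would create a new SoD
    conflict is refused unless the user's risk has been formally accepted."""
    proposed = users.get(user, set()) | {entitlement}
    conflicts = sod_conflicts(proposed)
    if conflicts and user not in ACCEPTED_RISKS:
        return False, conflicts
    users.setdefault(user, set()).add(entitlement)
    return True, conflicts


def realized_risks(activity):
    """Steps 3-4: the compensating control. Flag a user who exercised both
    sides of an SoD rule on the same object (created and approved vendor V9),
    which is the moment an accepted access risk turns into out-of-policy behavior."""
    seen = {}
    for user, action, obj in activity:
        seen.setdefault((user, obj), set()).add(action)
    alerts = []
    for (user, obj), actions in seen.items():
        for a, b in SOD_RULES:
            if a in actions and b in actions:
                alerts.append({"user": user, "object": obj, "rule": (a, b),
                               "response": "alert_siem_and_block_transaction"})
    return alerts


def prune_unused(users, last_used, now, max_idle_days=90):
    """Step 5: (user, entitlement) pairs idle longer than max_idle_days or never used."""
    stale = []
    for user, ents in users.items():
        for e in ents:
            used = last_used.get((user, e))
            if used is None or (now - used).days > max_idle_days:
                stale.append((user, e))
    return sorted(stale)


def jit_grant(user, entitlement, now, ttl_hours=4):
    """Step 5: a temporary grant with an expiry instead of a permanent entitlement."""
    return {"user": user, "entitlement": entitlement,
            "expires": now + ttl_hours * ONE_HOUR}


def is_active(grant_record, at):
    """True while a just-in-time grant has not yet expired."""
    return at < grant_record["expires"]


if __name__ == "__main__":
    print("conflicts:", analyze_users(USERS))
    print("realized:", realized_risks(ACTIVITY))
    print("stale:", prune_unused(USERS, LAST_USED, NOW))
```

Running it shows the loop in miniature: alice's accepted conflict is listed at analysis time, her create-and-approve of V9 is caught by the compensating control, carol's never-used `create_vendor` and alice's idle `view_reports` surface as pruning candidates, and a `jit_grant` record expires on its own rather than lingering as a standing privilege.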
Kevin Dunne is the President of the unified access orchestration company Pathlock, providing expertise to revolutionize the way enterprises secure their sensitive financial and customer data. Kevin was formerly the Senior Vice President of Strategic Initiatives at Tricentis; as General Manager of TestProject, he ensured Tricentis’ commitment to innovation and to delivering tools that create better software. With a deep interest in the emerging trends in software development and testing, Kevin is dedicated to collaborating with thought leaders in this space.