By Nelson Santini, BSI
We live in the real world but transact online. Our critical infrastructure, utilities, and services have heavily migrated from brick-and-mortar to real and augmented reality; to online. To protect this service infrastructure, we follow policies and best practices in cyber security. We employ complex passwords, we encrypt them, and we even combine their use with other factors to restrict access to this infrastructure to those with the authority and need; trusting no one. Still – breaches happen.
The “Order of the Breached” awards medals every day. Some even with a special “C” device for carelessness. Imagine a tech giant writing the password to their Privileged Access Manager (PAM) vault on a yellow sticky that dangles on a cubicle's file cabinet. (You can see that one. Am I right?)
Is your corporation in line for membership?
Whatever the flavor of the month may be; an RMF inventory, a “pen test”, or a “cyber inspection”, do yourself a favor and ensure your corporate cyber security plan is integral to your corporate culture and woven into the way your business operates.
For your corporate cyber security plan to work, it must be adopted. The easiest way for the corporate team to adopt it is to dovetail its deployment, through policy and technology; to routine work activities robustly, imperceptibly, and as frictionless as technology allows.
For example, MFA speaks to robustness. Varying encryption levels, biometrics, time-based passwords, etc. Layering these solutions deters mal-actors and even AI bots from hacking your systems.
A well-designed UI for your corporate applications can help you employ some cyber security measures imperceptibly; like using the video camera on your laptop to ensure the workstation is staffed. Maybe looking for the persistent absence of sound, in order to lock an unattended workstation.
As we get to frictionless (apparently the buzzword for the Spring/Summer ’22 season) we get more into how the cyber security policies and technology combine. How is the MFA is implemented? How is the technology deployed and used? Does it take a PhD to use it, or is it simple and woven into our every keystroke or mouse move?
We’ve come a long way from early 2000’s password dongles, and rudimentary voice or facial recognition. Some of the most advanced Identity Credentials Access Management (ICAM) technologies can even link users to their access profile and credentials through biometrics that collet “0” personal identifiable information (PII). Some ICAM technologies can now not only “prove life”, but also that the “life form” seeking access is but THE one that created the credentials – no one else; human or bot.
Make it easier for your corporate constituents to embrace your cyber security plan. There are plenty of policies and best practices to draw from. And as far as technology, every day we play the proverbial “cat and mouse” game, we find new technologies that flat out beat mal-actors, or simply make it such a PITA, that the effect is the same.
Look to implement a corporate cyber security plan that works for your business model and corporate culture. The technology is out there to make your plan robust, imperceptible, and frictionless to your users.
Stay out of the limelight, be frictionless in your corporate security plan, and protect all credentials; small to large, including your PAM.
Comments