- identity access management
Corporate security between weak passwords and excessive authorization: the first line of defence is..?
Did you know that, according to a recent study on corporate security (“Cloud Threat Report: IAM the first line of defence” by Unit 42 – research and threat intelligence division of Palo Alto Network):
- – 44% of organizations allow password reuse?
- – 53% of cloud accounts allow use of weak passwords (<14 characters)?
- – 99% of cloud users, roles, services, and resources have excessive authorization (that is unused for at least 60 days)?
And these are just some of the data contained in the report in which it is explained that the adoption of an effective Identity and Access Management (IAM) system is a goal for corporate security, the first line of defence and protection of company resources and data.
It is important to have physical tools that protect the corporate perimeter (such as firewalls, antivirus, etc.) but it is equally important to manage users and their authorizations with an Identity and Access Management platform (IAM).
Why? According to the same study:
I cybercriminali cercano organizzazioni con controlli IAM non adeguati, creando una nuova tipologia di minaccia più sofisticata ma che richiede meno sforzi di esecuzione.
In terms of corporate security, and also meeting governance and compliance requirements, an IAM system allows:
- – the correct assignment of authorization and access privileges to company resources, avoiding any risk of excessive authorization
- – the automation of the process of delivering access credentials to company resources, speeding up and simplifying the process traceability
- – the automatic deletion of users no longer in the company or no longer in charge of specific divisions, thus avoiding incorrect or fraudulent access by people outside the company
- – immediate consultation of access profiles for a specific application and interactive mapping of risks in order to promptly act in case of security problems.
And you? How do you manage identities and access to company resources?
We have been dealing with data security for over twenty years: we will review your process together, talk about how to improve your corporate security and try to give you the best advice. Contact us!
Fill out the form below with your email, we will contact you to set up a phone appointment.