The average digitally-savvy individual has hundreds of online accounts, and a dozen (or more) distinct digital ‘identities’.The proliferation shows no sign of slowing down, but is also unsustainable.
Digital’s biggest advantage – choice – is also its greatest drawback.
There’s a near-endless pool of potential destinations: clouds, applications and services, for users to select from. Whether free or paid, each destination inevitably asks for a bit of information about the person (or device) wanting access to it. This often results in a set of credentials being created to identify the user when they interact with that destination in future. Information about their use of the service may be collected for personalization, monetization or other purposes.
People are inevitably amassing vast collections of credentials, often a new one for every digital service they interact with. What’s certain is that a person is no longer a single identity. We estimate that a typical person might have upwards of 15 identities distributed across social media accounts, applications, cloud services, mobile, and physical devices.
Even a cursory look at digital usage habits sees account numbers quickly add up.
Globally there are over 5 Billion Internet users who are estimated to have 4.65 billion social media accounts, and 16.1% have access to “streaming services” and 1.9 Billion individuals actively use online banking services.
Risks of Cloud Computing
While there are many benefits of cloud computing, as it offers businesses a convenient, scalable, and readily accessible service to its users; there are also risks associated with the cloud:
Unauthorized Access: The most common cloud security issues include unauthorized access through improper access controls and the misuse of employee credentials. Over permissioned users, particularly administrators and lack of proper entitlement visibility, management and governance are contributing factors. Insecure APIs and unauthorized access are the number one perceived security vulnerability in the cloud.
Data Loss or Theft: When you store files and data in someone else’s server, you’re trusting the provider with your data. However, that doesn’t mean you have abandoned or fully transferred responsibility for your data in event of loss due to system error or theft by cybercriminals. Cybercriminals can hack into servers or malware can render data unreadable by both humans and software. In many cases, this data cannot be recovered so data loss prevention is an essential tool.
Denial of Service Attacks or Distributed Denial of Service: A denial-of-service (DoS or DDoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. This can render systems inaccessible for users and severely disrupt business operations.
Cloud Identity Security
As users, we are largely responsible for generating the content and data that creates our online identities. As a result, it’s reported that 88% of cloud breaches are due to human error, what can businesses do to help individuals stay safe using
Establish an Identity Control Plane: Passwords can often be the only barrier between a cybercriminal and your sensitive information. There are several programs attackers can use to guess or “crack” passwords or even easier to phish credentials. We recommend users follow NIST guidance on updating passwords, which is generally now once per year or upon known compromise. However, to really help mitigate credential sprawl, organizations should establish a global authentication authority to define access policies and apply the concept of SSO’ing everything to its practical limits. SSO (and even passwords) should be used with compensating controls such as MFA and risk signals.
Opt for Multi-Factor Authentication (MFA) Verifications: Leverage MFA for logging in wherever possible. If passwords become compromised, enabling this extra layer of security will decrease the likelihood that cybercriminals who have stolen passwords can log into accounts. Furthermore, adding a layer of intelligence via risk signals will help to decrease MFA fatigue.
Control Privileged Access: Secure and manage administrative consoles and entitlements as well as secrets such as embedded credentials, keys, tokens, certificates and API keys for human and machine identities.
File Encryption: Ensure that all important files are encrypted. To read an encrypted file, the user must have access to a secret code to enable decryption. This means no one other than an authorized user can see it—not even the software provider. This extra level of security will make it difficult for any potential attacker.
By Aubrey Turner at Ping Identity.