By Peter Geytenbeek, Director EMEA Channel and Distribution at Delinea
IT security has seen a huge overhaul in recent years. Where strategies had previously been focused on creating a secure perimeter to keep threats out of the network, this model has become increasingly irrelevant. Between accelerated cloud migration and remote working trends, most organizations now operate with a more porous perimeter in which critical assets and users are spread far and wide beyond the old boundaries.
In today’s digitally-led, flexible working world, identity is the new perimeter. Enterprises need to account for workforces that must securely sign in and access critical assets from potentially thousands of locations daily, as well as the fact that many key applications and data sets are hosted off-prem, in the cloud. This means networks are now highly vulnerable to attacks from cybercriminals unless the right safeguards are in place.
With companies moving away from a legacy perimeter-based approach and toward identity-based security, the channel has a vital role to play in helping organizations manage this transition by providing guidance and access to the best solutions and services.
Why Is Identity So Important?
User identities have long been governed by straightforward username/password combinations. Without any additional measures in place, this set-up is highly problematic: a threat actor with stolen credentials is in effect given a free pass to access key systems and data in the network.
The security risk resulting from poor identity security has become exponentially worse. Credential sets are relatively easy to come by through phishing or on the dark web from previous breaches, or simply by brute-forcing the password. The 2021 Verizon Data Breach Investigations Report (DBIR) found that 61 percent of all breaches involved attackers exploiting credentials. Further, the interconnected nature of a typical IT environment today means a single stolen identity can quickly be used to achieve lateral movement and privilege escalation.
Even privileged accounts are often left protected by nothing more than a default username and password combination. These accounts are a primary target in most attacks as they provide access to a wide range of critical systems and sensitive data and attackers can even erase logs to cover their tracks. However, it’s still not unusual to find privileged account details stored in easily accessible, unencrypted files, or openly shared across emails and chats, making them easy pickings for intruders on the network.
Organizations need to ensure that all credential sets, particularly those for high-risk privileged accounts, are effectively managed and secured against exploitation.
Why PAM Has A Key Role
One of the most important tools for achieving this is Privileged Access Management (PAM), which provides several essential functions for protecting these accounts. This includes secure credential management, tracking privileged activity, password masking and rotation, and session monitoring controls to ensure accounts are not being misused.
This means that, even if an attacker manages to access the network with a stolen account, it will be extremely difficult for them to escalate to the privileged powers required for accessing critical systems and doing real damage to the organization.
What Value Does Identity Security Bring To The Channel?
Effective identity security is dependent on a unified, integrated stack of tools and processes. Deploying multiple unconnected solutions invariably leads to blind spots that can be exploited by adversaries, especially against the backdrop of a complex hybrid and multi-cloud environment. All solutions need to be highly interoperable to create a single point of visibility and control for all identities.
This is where a capable partner makes all the difference. Managed Service Providers (MSPs) not only provide access to best-in-breed identity solutions but also can help ensure that the stack is fully integrated, with no gaps or redundancies.
Identity security capabilities are also highly valuable for MSPs themselves since they are entrusted with safeguarding access to the IT systems of their clients. PAM can ensure that privileged accounts for client systems are securely stored and managed, mitigating the risk of them being exploited by threat actors seeking access to their customers.
What Should Channel Partners Look For In Identity Security Solutions?
The ability to act as a trusted advisor who can facilitate worry-free access management is a powerful driver: it opens up new revenue opportunities and attracts repeat business. It also enables MSPs to move beyond a transactional relationship and build closer ties as an expert that helps guide and shape security strategies. Taking full advantage of this opportunity means finding the specialist identity security vendors to work with.
In terms of the solution itself, interoperability is one of the most important features, as the tool must easily integrate with the existing stack and, ideally, other security offerings in the partner’s portfolio.
Alongside this, easy-to-use is a key differentiator. PAM, in particular, can become a complex issue and many solutions on the market suffer from being overly convoluted. An ideal solution will be invisible to the user and easy for IT teams to implement and own without the need for extensive training. Likewise, it should be highly scalable, able to match the agility of a modern cloud environment, and grow with the business.
Finally, the vendor itself is also important. Partners should seek out vendors which can offer training and certification so that the channel firm’s team can become experts in identity security and pass this value on to the customer.
With the right solutions in their portfolio and the knowledge to back them up, MSPs and other channel partners can position themselves as an invaluable trusted advisor in helping organizations leave their old perimeters behind and navigate the new world of identity security.
About The Author
Peter Geytenbeek is Director EMEA Channel and Distribution at Delinea.