IDENTITY DEFINED SECURITY FRAMEWORK Putting Identity at the Center of Security WHITEPAPER


2 WWW.IDSALLIANCE.ORG

CONTENTS

INTRODUCTION ........ 3
TODAY'S CHALLENGES ........ 3
IDENTITY DEFINED SECURITY ........ 4
GETTING STARTED - IDENTITY DEFINED SECURITY FRAMEWORK ........ 4
    IAM Best Practices ........ 5
    IDSA Security Controls ........ 6
    Use Cases and Reference Architecture ........ 6
BRINGING IT ALL TOGETHER ........ 7
CONCLUSION ........ 8
ABOUT IDSA ........ 9


3IDENTITY DEFINED SECURITY ALLIANCE

INTRODUCTION

We live in an increasingly connected world. The issue of identity, and its inherent connection to security, is more important than ever. The explosion of cloud, mobile devices and connected things, as well as the consumerization of information technology (IT), has increased the risk of a cyber security attack due to compromised identities, accounts and credentials. A high-profile breach can lead to significant financial and reputational harm.

In the last several years, identity has started the transition from being operational and user-experience driven to being recognized as core to security. However, despite the increase in credential-related breaches and the shifting focus to identities and actions as the mechanism for insight into security events, the majority of organizations are not leading with this premise today. A lack of Identity and Access Management (IAM) maturity, an over-abundance of complex security technologies and confusion over where to start are just a few of the reasons that organizations miss this inherently valuable identity:security connection.

The Identity Defined Security Alliance (IDSA) was created to help organizations recognize the importance of bringing identity and security together, reducing the risk of a breach through identity-centric security strategies. More importantly, the IDSA aims to break the problem down into common identity-centric use cases and security controls, with the goal of providing guidance and tips for practitioners.

TODAY'S CHALLENGES

Today's investments in security solutions are yielding positive results, but a number of forces play a role in marginalizing their effectiveness. The majority of these solutions provide either a single-point defense mechanism, or require skilled security personnel who can detect, recognize and remediate a sophisticated attack. In addition, organizations and external threats have been evolving in numerous ways, including:

• Explosion in users, identities and environments

• Increased interconnectedness with customers and partners

• Massive amounts of data outside of IT controls

• Consumer-oriented technologies and concepts moving into the enterprise

• Malicious actors becoming more sophisticated and organized

• Insider threats that are as real as outsider attacks

This evolution makes it clear that a new security strategy is required to meet the changes in how we do business, as well as to combat the threats that emerge every day.


IDENTITY DEFINED SECURITY

This new approach is grounded in three foundational concepts:

• All aspects of cyber security must fundamentally work together if they are to achieve meaningful effectiveness

• Every business transaction, attack surface or target involves a credential and a service or piece of data

• The integration of security investments must create greater value for an organization than the investments do on their own

It is these foundational concepts that have led to a new way of thinking about security, threading identity through end-to-end cyber security investments. This new approach:

• Enables organizations to dissect each problem with a more holistic, end-to-end approach

• Steers the focus away from single-point defense mechanisms to include a broader set of identity and security components

• Challenges the balance between a detective approach and a more dynamic, real-time, preventive approach

• Leverages the identity context, allowing more effective decisions in real time or near real time

Figure 1 - IDSA Security Components

This approach leads to a set of requirements that enables each individual identity and security investment to integrate bi-directionally. For example, the intersection of access management, a fraud and risk engine and a cloud access security broker (CASB) improves the user experience and increases security through dynamic, risk-based authentication. If the risk score of the user is deemed acceptable, then the user is given access. If the risk score of the user is deemed unacceptable, then the user is required to authenticate a second time using multi-factor authentication (MFA).

A better user experience is provided by eliminating unnecessary steps for valid users, and improved security by additional dynamic vetting of the user where appropriate. Without the sharing of information across these technologies, an attacker possessing valid credentials could gain access to sensitive data or, worse yet, elevate privileges in search of higher-value assets.

This is just one example of how identity and security technologies can be combined to produce a better user experience and improved security.

GETTING STARTED - IDENTITY DEFINED SECURITY FRAMEWORK

The Identity Defined Security Framework, collaboratively developed by leading vendors, solution providers and practitioners, provides organizations with practical guidance on implementing an identity-centric approach to security. The framework is composed of discrete building blocks of identity and security capabilities (Security Controls) that, when combined (Use Cases and Reference Architectures), can meet complex business requirements, supported by people, process and technology recommendations (IAM Best Practices) to improve the efficacy of the implementation.


• IAM Best Practices – recommendations for establishing a solid foundation and improving the effectiveness of the IDSA Security Controls as organizations begin the journey to an identity-centric implementation.

• IDSA Security Controls – identity-centric security patterns combining identity and security capabilities that help organizations leverage an identity context to improve their security posture.

• IDSA Use Cases and Reference Architectures – blueprints that combine IDSA Security Controls to implement identity-centric security for complex business initiatives and scenarios.

Figure 2 - Identity Defined Security Framework

IAM Best Practices

The term Identity Defined Security might imply that this new approach requires a comprehensive and well-established IAM program. Regardless of the maturity level of your IAM expertise and IAM program, there are a number of fundamental IAM "hygiene tips" that all organizations should adopt to be more effective.

Identity & Directory - Ensure uniqueness of every human and non-human identity in your directory.

+ This is the DNA of your IAM program for every service and function you will support (provisioning, certs, privileged access, physical access, etc.). A uniquely identifiable catalogue of entities is an important start and a must.

Identity Lifecycle - Automated provisioning/de-provisioning should be implemented with the help of adjacent and applicable business processes.

+ Automation allows you to realize the full benefit of an IAM program, with the goal of reducing the number of manual access changes managed through your Service Management application or other ad-hoc processes.

Identity Governance - Establish governance and policy controls related to the scope and implementation of the IAM program.

+ Governance policies are inherently identity-centric. A successful governance program cannot be achieved without a common understanding of the scope and responsibility of your IAM program.

General - Establish an IAM Governance Committee that confirms IAM policies are followed.

+ Ensures that all IAM policies and controls are adhered to and provides a vehicle to determine overall impact prior to making any IAM program changes.


IDSA Security Controls

The IDSA Security Controls are the discrete building blocks for integrating identity and security technologies to create an identity-centric approach to security. A Security Control is a collection of capabilities from at least two IDSA security components (see Figure 1) that, when integrated, meet a specific security requirement by using an identity context.

Following the earlier example of risk-based authentication, a security control would be defined as:

Security Control:

• Risk-Based Authentication - Authentication of a user is based on risk posture derived from one or more risk engines such as CASB, Fraud and Risk, User and Entity Behavior Analytics (UEBA) or Security Information and Event Management (SIEM).

Business Driver Example:

• Protect a high-risk application that contains sensitive information.

Components and Required Capabilities:

• Access Management

+ Must have the ability to query Fraud & Risk at the application for risk posture

+ Must have the ability to query the CASB for risk posture

+ Must have the ability to require MFA based on the response about user anomaly

• Fraud & Risk

+ Must have the ability to send risk status to the requesting tool as a defined value (Low, Moderate, High, Extreme)

• CASB

+ Must have the ability to return anomaly status

Figure 3 - Risk-based authentication integrates the highlighted security components

The current and complete library of IDSA Security Controls can be found on the IDSA website.

Use Cases and Reference Architecture

The IDSA Security Controls can be combined to address more complex identity-centric security scenarios, such as the previously published IDSA use cases, or to construct identity-centric security reference architectures for business initiatives such as Office365 Security, Digital Transformation or Zero-Trust.

The practical guidance provided through the IDS Framework best practices, security controls, use cases and reference architectures helps organizations establish roadmaps for a comprehensive platform.
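As an added illustration (not code from the IDSA or this whitepaper), the following Python models the decision logic of the risk-based authentication control: the access management component collects the answers of one or more risk engines and the CASB, lets the user through without extra friction only when every engine answered with a known value, the worst reported risk is within the acceptable level and the CASB reports no anomaly, and otherwise requires a second factor. The `Low`, `Moderate`, `High` and `Extreme` values are the ones the framework requires from Fraud & Risk; the engine names (`fraud_risk`, `ueba`), the acceptable threshold and the fail-closed treatment of a missing or unrecognised response are assumptions made for this example.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, Optional


class RiskLevel(IntEnum):
    """Risk values the Fraud & Risk component must return (Low, Moderate, High, Extreme).
    Ordered so that a higher number means higher risk."""
    LOW = 0
    MODERATE = 1
    HIGH = 2
    EXTREME = 3


def parse_risk_level(raw: Optional[str]) -> Optional[RiskLevel]:
    """Normalise an engine's string response; None means missing or unrecognised."""
    if raw is None:
        return None
    try:
        return RiskLevel[raw.strip().upper()]
    except KeyError:
        return None


@dataclass(frozen=True)
class RiskSignals:
    """What access management collected before deciding how to authenticate.

    risk_responses maps an (assumed) engine name such as "fraud_risk" or "ueba"
    to the value it returned, or None if it did not answer.
    casb_anomaly is the CASB anomaly status, or None if the CASB did not answer.
    """
    risk_responses: Dict[str, Optional[str]] = field(default_factory=dict)
    casb_anomaly: Optional[bool] = None


@dataclass(frozen=True)
class Decision:
    action: str   # "ALLOW" (no extra step) or "STEP_UP_MFA" (second factor required)
    reason: str   # justification, suitable for the audit trail of the decision


def decide_authentication(signals: RiskSignals,
                          max_acceptable: RiskLevel = RiskLevel.MODERATE) -> Decision:
    """Apply the risk-based authentication control.

    ALLOW only when every queried engine answered with a known value, the worst
    reported risk is at or below max_acceptable, and the CASB reports no anomaly.
    Any gap in the signals is treated as unacceptable risk (fail closed) and the
    user is asked for MFA; this fail-closed rule is a design choice of the example.
    """
    if not signals.risk_responses:
        return Decision("STEP_UP_MFA", "no risk engine was consulted")

    worst = RiskLevel.LOW
    for engine, raw in signals.risk_responses.items():
        level = parse_risk_level(raw)
        if level is None:
            return Decision("STEP_UP_MFA", f"{engine} returned an unusable risk value: {raw!r}")
        worst = max(worst, level)

    if signals.casb_anomaly is None:
        return Decision("STEP_UP_MFA", "CASB did not return an anomaly status")
    if signals.casb_anomaly:
        return Decision("STEP_UP_MFA", f"CASB reported an anomaly (worst engine risk {worst.name})")
    if worst > max_acceptable:
        return Decision("STEP_UP_MFA", f"risk {worst.name} exceeds acceptable level {max_acceptable.name}")
    return Decision("ALLOW", f"risk {worst.name} within policy and no CASB anomaly")


if __name__ == "__main__":
    # Constructed sample responses, not output of any real engine.
    samples = {
        "known user, quiet session": RiskSignals({"fraud_risk": "Low"}, casb_anomaly=False),
        "engines disagree": RiskSignals({"fraud_risk": "Low", "ueba": "High"}, casb_anomaly=False),
        "CASB flags anomaly": RiskSignals({"fraud_risk": "Low"}, casb_anomaly=True),
        "risk engine down": RiskSignals({"fraud_risk": None}, casb_anomaly=False),
    }
    for name, sig in samples.items():
        d = decide_authentication(sig)
        print(f"{name:28s} -> {d.action:12s} ({d.reason})")
```

The example takes the highest risk reported by any engine rather than the first answer, which is what "one or more risk engines" in the control definition implies, and it never silently downgrades to ALLOW when an engine is unreachable or returns a value outside the defined set, since that is exactly the gap a holder of valid credentials would benefit from.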


BRINGING IT ALL TOGETHER

The IDSA is a community of vendors, solution providers and practitioners that provides an independent source of education and information for reducing risk through an identity-centric approach to security. The IDS Framework is the vendor-agnostic, practical guidance that organizations need to begin that journey.

Beyond the practical guidance, the IDSA provides a forum for vendors to collaborate and provide real value to their customers through validated integrations. In addition to the best practices, the security controls detailed by the alliance give organizations a jump start on determining how solutions from the alliance members can fit into existing infrastructures, or guidance on greenfield implementations.

The path to identity-centric security will vary by business drivers and maturity, but the following is the recommended approach for applying the IDSA Framework in your organization:

1. Register and participate in the IDSA community

2. Assess your organizational IAM maturity by reviewing the IAM Best Practices implemented today

3. Examine your business initiatives and identify the challenges that present barriers to achieving success

4. Identify the security controls and use cases required to solve these challenges

5. Inventory your vendors in each of the security component categories required to support the security controls

6. If those vendors belong to the IDSA and support those security controls, convene a working session to determine a plan to move forward

7. If your vendors are not members, encourage them to explore participation

8. If you don't own a vendor for a required security component, begin the due diligence and discovery process by starting with the members

The IDSA is a community built from industry experts that represent practitioners, technology vendors and solution providers. Throughout your journey, use the IDSA as a source of information, as well as a place for continual learning from organizations that have achieved success.


CONCLUSION

Given the recent threat environment, identity has finally transitioned from being operational and user-experience driven to a recognition that it is core to security. Organizations often struggle to make sense of complex security technologies and hunger for new approaches to solve complex identity security challenges, improve overall security and extract value from existing investments. The Identity Defined Security Alliance provides the framework and practical guidance that helps organizations put identity at the center of their security strategy, optimizing cyber security investments while controlling risk as IT infrastructures converge.


ABOUT IDSA

The Identity Defined Security Alliance is a group of identity and security vendors, solution providers and practitioners that acts as an independent source of education and information on identity-centric security strategies. The IDSA facilitates community collaboration to create a body of knowledge that provides organizations with practical guidance, implementation best practices and validated solutions to reduce the risk of a breach.

The primary goals of the IDSA include:

1. Develop best practices and practical guidance for identity and security practitioners

2. Foster vendor collaboration

3. Validate technology integrations as a community

4. Practice, discuss and evolve as a community

MEMBERSHIP

[Member logos, including Executive Board Members]

CUSTOMER ADVISORY BOARD

[Customer Advisory Board logos]

VISIT US www.IDSAlliance.org

Copyright 2019 Identity Defined Security Alliance

No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law.