Five Nines Newsletter - Volume 3.
It's here!
The March 2023 edition of the Five Nines monthly newsletter by Acsense
Buckle up and get ready to dive into the latest and greatest in the world of IAM, straight from the minds of industry leaders, companies, and news outlets around the globe. Think you're ready for some IAM resilience, rain or shine? Then sit back, relax, and get ready to feast your eyes on volume 3 of the Five Nines newsletter.
Stay Resilient, it's going to be a wild ride!
Trending IAM News:
Relying on a Unified Digital Identity
Enterprises have traditionally struggled with creating and implementing seamless digital identity and access management (IAM) strategies, and that’s not by accident. After all, doing so effectively often involves managing a lot of complexity. But without a comprehensive strategy in place, using even the best cloud computing services in a piecemeal approach can fail. In the long run, extending an organization’s identity services into the cloud is essential.
To that tune, key findings from "The Digital Identity Infrastructure and Services Market by Asset Type, Deployment Type, Organization Type and Industry Vertical 2023 - 2028" report include:
IAM News:
JumpCloud and Wins
JumpCloud made a splash at this year’s G2 2023 Best Software Awards, where it was mentioned in several key categories, including:
JumpCloud is the only listed vendor that offers just one platform to support everything from identity, access, and device management to things like:
This makes it particularly user-friendly, especially for small to medium-sized enterprises (SMEs) that are responsible for managing and securing users' identities and devices in a way that's simple and cost-effective to implement.
JumpCloud also “reduces IT sprawl and integrates easily with existing IT and security infrastructure, giving SMEs a solid yet flexible foundation that can scale and evolve as needs and conditions change.”
accSenSe: An Enterprise Business Continuity Platform For Okta
Protect Your Okta Tenant From Cyber Attacks & Human Errors
Speaker's Corner:
IAM Tenant Data Leakage: How Collaboration Software Can Compromise Corporate Security
IAM tenant data can leak from a variety of sources that are often only considered by red teamers and adversaries.
The metadata from files saved in collaboration software, like SharePoint and Google Drive, can be easily enumerated when the file is made public. Once someone clicks "Share via URL" on a file in a business collaboration suite, it is often quickly indexed by search engines and available to anyone with an internet connection. Not only are the contents of the files often interesting, but the metadata can reveal corporate tenant information, internal usernames and email addresses, and employee hierarchy data.
Configuring stricter permissions or monitoring policies around the public sharing of files can protect sensitive corporate documents, and keep the revealing metadata out of adversaries' hands.
– Nick Ascoli, Founder at Foretrace, a Flare Company
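A pre-share check for the metadata exposure described in the item above, as an added example that is not part of the newsletter or the contributor's text: it reads the document-property parts of an Office Open XML file (docx/xlsx/pptx) and reports the identity fields a public link would expose. The sample file, names and addresses are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OOXML parts that carry author/organisation metadata, and the fields to report.
FIELDS = {
    "docProps/core.xml": ("creator", "lastModifiedBy"),
    "docProps/app.xml": ("Company", "Manager"),
}
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def identity_metadata(data: bytes) -> dict:
    """Return identity-revealing properties found in an OOXML file."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for part, names in FIELDS.items():
            if part not in z.namelist():
                continue  # part is optional; nothing to report
            for el in ET.fromstring(z.read(part)).iter():
                local = el.tag.rsplit("}", 1)[-1]  # strip the XML namespace
                if local in names and (el.text or "").strip():
                    found[local] = el.text.strip()
    return found

def findings(data: bytes) -> list:
    """Reasons to scrub the file before it is shared by public URL."""
    out = []
    for field, value in sorted(identity_metadata(data).items()):
        kind = "email address" if EMAIL.search(value) else "name"
        out.append(f"{field} exposes {kind}: {value}")
    return out

def constructed_sample() -> bytes:
    """Constructed sample: a minimal zip holding only the two metadata parts."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
            'package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/">'
            '<dc:creator>jdoe@corp.example</dc:creator>'
            '<cp:lastModifiedBy>Jane Doe</cp:lastModifiedBy></cp:coreProperties>')
    app = ('<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/'
           '2006/extended-properties"><Company>Example Corp</Company></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
    return buf.getvalue()

if __name__ == "__main__":
    print("\n".join(findings(constructed_sample())))
```

Run against real files by passing `open(path, "rb").read()` to `findings`; an empty list means none of the checked fields are populated.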
Speaker's Corner:
Protecting Your Business with Adequate Change Control Processes in a SaaS World
Why change control matters – protecting your business in a "SaaSified" world.
IAM is a critical foundational pillar and a key component of the zero trust security framework, and it is a single point of dependency and failure if there is any disruption to this service, especially as enterprises of all sizes and governments are transitioning to cloud-based SaaS providers. As a business-critical service, it is imperative to ensure that an adequate change control process is in place to prevent any disruption to business caused by inadvertent changes to the IAM environment.
SaaS solutions including Okta are only responsible for "security OF the cloud", while the user is responsible for the security "IN the cloud".
What does this mean in practice and what is the impact to business – as the saying goes – “the devil is in the details”.
In other words, Okta is not responsible for any business impact that is caused by any inadvertent changes to the Okta configuration which impact user access to business-critical applications, but this is not communicated in plain English to customers and in general, customers are under the impression that “as they are leveraging a cloud-based SaaS solution, their data is automatically backed up and can be restored at any point in time if needed” by Okta, which is not the case.
Also, there is no inbuilt capability provided by Okta for backup and restore of Okta configurations, and hence this brings us back to ensuring a robust change control process is adhered to, to ensure that there is no impact to the business caused by any unauthorized or inadvertent changes made to the Okta configuration.
Also leverage the Okta custom admin roles capabilities to ensure that role-based administration access controls are implemented, to minimize and mitigate the risks of business impact caused inadvertently by changes to the Okta configuration.
This also highlights the importance for vendors including Okta to provide a secure, robust "backup and restore" capability for customers given the business criticality of these services and also the high cost of subscription charged for these services.
– Mohan Mysore, Founder of KnowledgeOnTap
Speaker's Corner:
Ensuring Secure Access During Disaster Recovery with Multi-Factor Authentication
Multi-factor authentication (MFA) is an important security measure that prevents unauthorized access to company resources, applications, and data.
In the event of a disaster, companies need to have a disaster recovery plan (DRP) that includes provisions for MFA. Backup and recovery procedures should be in place for MFA authentication factors like hardware tokens or biometric data to be quickly restored in the event of a disaster. Fallback authentication methods, such as passwords or break-glass accounts, should also be defined if MFA cannot be used.
It's essential to communicate with your workforce about MFA during disaster recovery, and provide clear instructions and support to help employees use fallback authentication methods.
With diligent planning, you can ensure your workforce can access company resources securely, even during a disaster.
– Barry Gordon, Founder of Identity Coach
Company Corner
Gear Up for the Future with Decentralized Identity
According to the European Identity and Cloud Conference 2023, the future of IAM is one of decentralization. Decentralized identity management is a Web 3.0 concept that’s developed over concerns about the degree to which centralized identity management has been able to afford users privacy and control over their personally identifiable information (PII).
Decentralized identity could allow business end-users to “be able to interact securely with partners, suppliers, consumers, and customers, and be able to reduce the administrative load during onboarding or ongoing verification of credentials.”
Company Corner
The State of Identity Security 2023: A Spotlight on Healthcare
SailPoint's recently released report “The State of Identity Security 2023: A Spotlight on Healthcare” both examines the current state of identity security in the healthcare industry and hypothesizes what the state of identity security in healthcare could look like.
Read the report to learn more about:
Company Corner
Protect Your Cloud-Based IAM with accSenSe: A TAG Infosphere Interview
Many organizations don’t fully realize just how vulnerable cloud-based IAM systems are to breaches. Further, they mistakenly assume that in the event of a potential breach, their information is safe. But in accordance with the shared responsibility model, this is not true.
It’s for these very reasons that TAG Infosphere recently sat down with accSenSe Co-Founder and CEO Muli Motola for an interview all about protecting your cloud-based IAM.
In this interview, Motola detailed how accSenSe both “makes it easy for security and risk management leaders to measure and quantify their business continuity posture” and provides “an air-gapped, reliable architecture, enabling organizations to protect their data assets, as well as ensure business and access continuity, even in the face of sophisticated attacks.”
accSenSe on Demand: Video
Get ready for another thrilling episode of our #Resilience321 Series!
We are excited to welcome Luther "Chip" Harris, an Ethical Hacker, Red Team Leader, Penetration Tester, and Senior Cyber Security Administrator.
With over 26 years of experience, Chip has built out cybersecurity and secure network environments for Fortune 500 companies and government entities around the world.
Join us for episode 3 part 2 to hear about his exceptional work as Red Team and Cybersecurity leader for the United States Military, his experiences completing 7 tours of Duty in Afghanistan, and much more!
... And yes, we explain why he had to wear a mask.
accSenSe on Demand: Podcast
Identity at the Center is a weekly podcast all about identity security in the context of identity and access management (IAM). With decades of real-world IAM experience, hosts Jim McDonald and Jeff Steadman bring you conversations with news, topics, and guests from the identity management industry.
Jim McDonald and Jeff Steadman have a discussion with Muli Motola, Co-founder and CEO at Acsense, about the need to consider Business Continuity Planning (BCP) and Disaster Recovery (DR) for identity infrastructure in the cloud.
Listen on Spotify or Apple podcasts:
MEME Of The Month:
Thank You For Reading!
We hope you enjoyed the February edition of the #FiveNines newsletter!
Share with colleagues or follow us on LinkedIn for more IAM resilient insights and trends.
About accSenSe:
Hailing out of Tel Aviv, Israel, the team at accSenSe, former EMC veterans, have been exposed to the world's most challenging IT and security ecosystems.
Our mission is to protect and recover critical SaaS using our state-of-the-art continuous access and business continuity platform. We provide Okta customers with workforce and customer IAM needs with a single platform for continuous protection and real-time access management.
The accSenSe platform is designed to make your IAM system resilient, with features such as One-click recovery, constant verification of backed-up data, periodic testing for keeping the backup up-to-date, and the ability to identify changes between different PiTs (Point in Times).
To learn more, visit www.accsense.io.
Digital Identity Strategist and Identity at the Center podcast co-host
2 years ago: Great name for a newsletter given what y'all do