The One Thing
Brian Krause
Security Craftsman | Scouter | Storyteller | CyberArk Channel Builder
What if I told you the secret to security was just One Thing? It is simple, obtainable and right in front of you.
Fort Knox is the popular benchmark for physical security: granite walls four feet thick, a gold vault built from 27 inches of steel, one of the largest surveillance networks on earth and, not to mention, the US Army guarding the facility. Yet there is One Thing that protects this compound.
Area 51 is one of the most highly classified sites in the world. Protective measures include elaborate fences, an actual army of guards and cameras galore. Plus, it is in the middle of a desert. Once again, there is One Thing that keeps this location secure.
Facebook is hands down the biggest social network on earth, which alone makes it hacker target number one. Security is a massive concern. They have special rooms dedicated to erasing hard disks, and redundant data centers to ensure continuous uptime. To step it up, they hold internal contests to find security vulnerabilities from within. But there is One Thing that keeps them safe.
So what is the One Thing? It is not the bulletproof perimeter. Helpful as that is, it is only the basic first step in security. Humans have been building walls around things since the beginning of time, and others have been finding tricky ways past them. Think of the Greeks' Trojan horse getting into Troy.
The One Thing that ensures your secured environment stays secure is proof of identity. It is that simple. No one expects to walk in the door of Fort Knox, Area 51 or Facebook with just their name written on a “Hello My Name Is” badge. Yet in the world of cybersecurity this is often the case.
Verizon's Data Breach Investigations Report found that 63% of breaches in the prior year involved weak, default or stolen passwords. Relying on basic username/password authentication alone leaves the door wide open. Weak passwords reused across many systems are the norm. Security gurus say not to do this, but good luck with that.
We all have too many passwords to remember. Every other week another massive breach of 500 million users seems to happen, and the data gets posted straight to the internet for the taking. Over the past few years billions of credentials have been posted. It is all but guaranteed that one of your passwords is out there. I will stop here, but the point is: it is easy to get someone's username and password.
So back to the One Thing: what can you do to prove identity? Luckily it is easy and within your grasp. On a personal level, enable 2-step verification. Opt to receive a code when you log in to Google, LinkedIn, Facebook, your bank, etc.; where the service offers it, a code from an authenticator app is preferable to a text message, since SMS can be redirected by SIM swapping. That is just my public service announcement. I want to talk corporate security.
In the realm of corporate networks, how do you prove identity?
1) Consolidate identities into a single directory used for logging in to all resources. This covers all users, including privileged users, and all targets: web apps, on-prem apps, infrastructure and devices.
2) Deploy a multi-factor authentication system that is easy to use, flexible and secure. Easy is mandatory, so have users install an app on their smartphone that receives push notifications and sits under corporate device management. Such a system works well when it is fast, efficient and supports modern devices; built right, it will not slow down productivity.
3) Require the use of your multi-factor authentication system. Enforce it the first time a user logs in from a device you have not seen before. Are they coming from somewhere you do not expect? Require multi-factor. Is an IT admin looking to elevate privilege? Require multi-factor authentication. Apply this to web apps, servers, databases, VPNs, big data, ITSM, BI, everywhere.
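The three steps above as a runnable policy, added here as an example rather than code from the original article or from Centrify or CyberArk: a single consolidated directory, an RFC 6238 TOTP second factor standing in for the push app, and a step-up rule that demands the second factor on a new device, an unexpected source network, or a privilege elevation. The users, device IDs, network ranges and secrets are all constructed for the demo.

```python
# Added example (not Centrify's, CyberArk's, or any vendor's product code):
# a minimal step-up authentication policy following the three steps above.
# Everything here is hypothetical: the directory contents, the network
# ranges, the device IDs and the TOTP secrets are constructed for the demo.
import base64
import hashlib
import hmac
import ipaddress
import struct
import time
from dataclasses import dataclass

# Step 1: one directory for every identity, admins included.  Each record
# lists the devices already seen for that user and the user's TOTP secret
# (base32, as an authenticator app would enrol it).  Constructed sample data.
DIRECTORY = {
    "alice": {"known_devices": {"laptop-a1"},
              "totp_secret": "JBSWY3DPEHPK3PXP"},
    "bob":   {"known_devices": {"laptop-b7"},
              # the RFC 6238 test secret "12345678901234567890" in base32
              "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"},
}

# Networks from which logins are expected (hypothetical corporate ranges).
EXPECTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("203.0.113.0/24")]


@dataclass
class LoginAttempt:
    user: str
    device_id: str
    source_ip: str
    elevate_privilege: bool = False


def mfa_reasons(attempt: LoginAttempt) -> list:
    """Step 3 policy: return the reasons a second factor is required.
    An empty list means the password alone satisfies the policy."""
    record = DIRECTORY.get(attempt.user)
    if record is None:
        return ["unknown identity"]      # fail closed
    reasons = []
    if attempt.device_id not in record["known_devices"]:
        reasons.append("first login from this device")
    ip = ipaddress.ip_address(attempt.source_ip)
    if not any(ip in net for net in EXPECTED_NETWORKS):
        reasons.append("source outside expected networks")
    if attempt.elevate_privilege:
        reasons.append("privilege elevation")
    return reasons


def totp(secret_b32: str, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1): the code an
    authenticator app displays, standing in for the push factor of step 2."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", at // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                          # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret_b32: str, code: str, at=None, window: int = 1) -> bool:
    """Accept the current code or one step either side to absorb clock drift;
    compare in constant time so a wrong code is not detectable by timing."""
    at = int(time.time()) if at is None else at
    return any(hmac.compare_digest(totp(secret_b32, at + d * 30), code)
               for d in range(-window, window + 1))


def authenticate(attempt: LoginAttempt, password_ok: bool,
                 otp: str = None, at=None) -> str:
    """Password first, then step-up wherever the policy demands it.
    Returns "allowed", "denied" or "mfa required: <reasons>"."""
    record = DIRECTORY.get(attempt.user)
    if record is None or not password_ok:
        return "denied"
    reasons = mfa_reasons(attempt)
    if not reasons:
        return "allowed"
    if otp is None:
        return "mfa required: " + "; ".join(reasons)
    return "allowed" if verify_totp(record["totp_secret"], otp, at) else "denied"


if __name__ == "__main__":
    admin = LoginAttempt("bob", "laptop-b7", "10.9.9.9", elevate_privilege=True)
    print(authenticate(admin, password_ok=True))   # mfa required: privilege elevation
    code = totp(DIRECTORY["bob"]["totp_secret"], 59)
    print(authenticate(admin, True, otp=code, at=59))   # allowed
```

Two design points are worth noting: an unknown identity is denied outright rather than falling back to a password check, and the one-time code is compared with hmac.compare_digest. Bob is given the RFC 6238 test secret so the generator can be checked against the RFC's published vectors (at time 59 the six-digit code is 287082).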
Focus on the One Thing that is the basis of all great security: identity. You will lower your risk exposure. Every regulation, security standard and security best practice addresses identity, so by default you will have dealt with some of the most challenging compliance concerns. Best part: you will have a solution that makes your users' work lives easier and more secure.
Have an opinion, suggestion or concern? Please comment below. Interested in talking through real-world use cases? Please reach out.
Brian Krause is an experienced (16-year) Channel Executive at Centrify who specializes in helping partners build out security practices and go-to-market strategies. He previously ran the National Strategic Partner program for HP Enterprise Security and was a CISSP on the CDW Security Team.
Comment (8 years ago): Great article Brian, simple and powerful message.