Hong Kong’s rising hybrid workforce calls for a stronger focus on identity security
A conversation with SailPoint on the importance of identity security, and incorporating automation and intelligence to prevent cyber threats
Stolen business credentials are valuable for attackers. They are the preferred point of entry for hackers to launch all kinds of cyber attacks. With the wave of emigration and remote working reaching new heights in Hong Kong, protecting identities in an organization is more challenging than ever.
Automation is key, to improve cybersecurity and drive operational efficiency. We recently spoke with technology expert Chern-Yue Boey, Senior Vice President, Asia Pacific at SailPoint, where he shared insights on why identity security should be at the foundation of a security strategy and how AI and ML can drive a stronger, compliant cyber security posture.
Inno-Thought: What kind of security threats are companies in Hong Kong facing, and why do enterprises need an identity security solution?
Boey: With the pandemic and the emigration wave in Hong Kong, we saw the rapid shift to a virtual workforce, which placed more emphasis on cybersecurity practices as companies in Hong Kong continue to face cyber threats like hacking, phishing and data breaches caused by information security loopholes.
A hybrid, remote workplace also meant that enterprises needed to provide access to their employees no matter where they were, while protecting the entire workforce. To a cyber attacker, the right identity is extremely valuable. It can be used to break into a network, move laterally once inside, and facilitate all manner of fraud and identity theft. Whether it is by phishing or some other means, obtaining stolen credentials is often a critical part of a threat actor’s agenda. For this reason, protecting identities must be a crucial part of any security strategy.
The SailPoint Identity Security Cloud is a bundle of SaaS capabilities that make it easy to build the right identity security program wherever an enterprise is, in its identity journey. It combines identity data with the power of artificial intelligence and machine learning to drive stronger security and compliance across the entire organization.
There are three key differentiating components in the SailPoint Identity Security Cloud suites, namely:
Unmatched Intelligence – Artificial intelligence (AI) and machine learning (ML) automate the discovery, management, and control of all user access throughout their digital lifecycle, ensuring each identity has the right access to do their job.
Frictionless Automation – The automation streamlines identity processes and decisions, such as access requests, role modelling, and access certifications. It frees employees to focus on innovation, collaboration, and productivity as it continuously analyses the organization’s identity program to spot risky behavior and easily connect and control access to every system holistically.
Comprehensive Integration – The product allows integration of a company’s entire digital ecosystem to centrally control access to all data, applications, systems, and cloud infrastructure – no matter how complex the business environment or where it operates.
With these new suites, enterprises are in complete control to govern access and can stay ahead of identity-related risks.
Inno-Thought: How does identity security play a role in the hybrid environment for enterprises?
Boey: A strong identity security solution helps organizations to enable access while securing business everywhere. Many organizations have found that identity security provides multiple layers of business value such as reducing risk, automating IT processes, as well as enhancing the employee experience. These results are achieved by properly provisioning access, protecting the business at scale, and ensuring compliance.
Organizations may associate identity only with access management practices such as SSO (Single Sign-On) or MFA (Multi-factor Authentication). However, this view of identity security is only one aspect of it. Authentication helps to verify the identity of who they say they are, but this practice does not include cross checks to determine if access to resources is allowed and adheres to access policies. SSO and MFA cannot be used to manage or govern which information within a resource a user can see or touch, and this is becoming increasingly important as stricter data privacy regulations require organizations to safeguard sensitive data.
Identity security helps solve the bigger picture. The concept allows for granting, securing, and managing access based on the principle of least privilege (PoLP). This is the idea that every single identity in a company’s network only has the minimum amount of access they need to do their job. By restricting permissions based on job function and user role, enterprises will reduce the risk of users having access to information they should not have access to, and inadvertently or maliciously doing something with that information.
Identity security puts an emphasis on both enablement and security—providing access but properly controlling that access. It involves setting up and defining user roles and creating policies used to govern access throughout the digital identity’s lifecycle.
Inno-Thought: Could you share some tips on securing the remote workforce?
Boey: To secure the remote workforce, organizations need to answer three critical questions: Who currently has access? How is this access being used? Who should have access?
Enterprises need to have complete visibility of all user types and their related access, including all permissions, entitlements, attributes and roles so they can ensure employees receive the right access to the right resources to do their job when they need it.
With AI-driven identity security, organizations can get deep visibility and understanding of all user access, including trends, roles, outliers and relationships. They can also automatically modify or terminate access based on changes to a user’s attributes or location, and automatically perform remediation actions when risky activity is detected.
With an automated identity process, enterprises can easily and securely remove or reinstate access when an employee joins, changes roles or leaves the company, all without any human interaction. This greatly simplifies the onboarding and offboarding process for joiners, movers and leavers.
Automation also makes it simple to enforce access controls and fine-grained entitlements that prevent conflicts of interest, information theft and compliance violations, enabling an effective, and compliant cyber security posture.
Inno-Thought: What’s your advice for Hong Kong enterprises to deploy an identity security strategy?
Boey: With today’s hybrid workforce, a traditional security perimeter is no longer a viable option. Enterprises need a robust identity security solution that integrates with existing systems and workflows which as a result, saves costs, provides extensive visibility, and supports a solid security strategy.
Also, with digital and workforce transformation, there’s a rise in non-human identities, and organizations must ensure these identities are managed with a modern identity security solution that incorporates artificial intelligence and machine learning, especially as the volume of identity data and complexities have increased beyond human capacity.
The SailPoint Identity Security Cloud is designed to deliver the flexibility, ease-of-deployment, and user centricity needed in today’s complex IT environments, enabling organizations to easily discover, manage, and secure all identities and their access to technology resources.
By leveraging AI and ML, enterprises can get intelligence and insights into access privileges, abnormal entitlements, and potential risks so they can easily control access, automate IT tasks, mitigate threats and empower their workforce.
We will be discussing the challenges Hong Kong businesses are facing in managing identities in a hybrid, remote workplace at an executive luncheon on August 31 (by invitation).
Join Chern-Yue Boey from SailPoint and other business executives to explore how AI and ML can empower Hong Kong enterprises to be in complete control to manage and secure identities and stay ahead of identity-related risks.
More details of the event can be found here
Comments