Securing Identity Access Management (IAM) Platforms

What is IAM?

IAM is the security discipline that enables the right individuals to access the right resources at the right times and for the right reasons. IAM addresses the need to ensure appropriate access to resources across increasingly diverse technology environments and to meet increasingly rigorous compliance requirements. IAM platforms usually offer some or all of the following services:

Directory Services - Stores user profile data and credentials for authentication
Identity Provisioning - Creates, manages, and governs user identities and access
Access Management - Grants authenticated users the appropriate access to resources
Identity Governance - Establishes processes and policies for managing identities
Access Certification - Reviews and approves user access rights periodically

Examples of IAM Platforms

Microsoft Active Directory
Okta
IBM Security Identity Manager
Oracle Identity Management

The Problem

As more organisations move to cloud-based networks, it is vital that cyber security standards are upheld. IAMs are a great way to centralise cloud-based applications into one platform. However, unfortunately, this also means that if your organisation's IAM platform is hacked, it provides cyber criminals with access to significant amounts of data.

MGM RESORTS: The September MGM attack initiated after the attacker was granted the ability to change the password for an account linked to the organisation’s IAM, Okta. This occurred due to a vishing attack, where the attacker pretended to be an employee when making a call to the MGM help desk. After gaining access to Okta, the attacker went on to effect wider areas of MGM’s network.

OKTA: The IAM company, Okta, also experienced a breach. While Okta initially stated that only a small portion of customers had been affected, it was later announced that the data of all customers had been stolen. The breach occurred after a hacker used stolen credentials to access Okta’s support case management system. From there, the hacker could access the network of Okta customers.

These examples both highlight that IAM platforms need to have stringent cyber security measures in place. While IAMs are designed to be secure, the old mantra of cyber security still holds true; nothing is 100% protected.

The following section outlines the best practices to ensure an organisation’s IAM remains secure.

Best Practices for IAM

Effective IAM depends on people, processes, and technology across an organisation. Here are some best practices to build a robust IAM program:

Document IAM policies and procedures clearly
Classify data by sensitivity and assign access levels accordingly
Integrate IAM processes with HR systems for user lifecycle management
Use role-based access control (RBAC) to restrict privileges
Implement multifactor authentication (MFA) for additional user verification
Monitor user activities for security incidents and policy violations
Review user entitlements and access rights regularly
Maintain well-defined incident response plans for IAM breaches

Building comprehensive IAM with appropriate controls takes time but pays dividends in improved security and compliance. With thoughtful planning and disciplined execution, organisations can strike the right balance between ensuring security, while maintaining usability.

How Can Telesoft Help Your Organisation?

Full Network Visibility in Real-Time

Telesoft provide comprehensive network monitoring tools designed specifically for your organisation’s needs. With industry leading processing power, our tools enable unsampled visibility that allows for granular analysis of network threats and vulnerabilities.

The Telesoft Data Analytics Capability (TDAC) Enterprise Platform provides complete network visibility, real-time threat detection, and sophisticated data retention for historic investigation. As an engineering-led organisation, we work with our customers to provide effective solutions, tailored towards their network infrastructure.

24/7 Managed Security Operations Center (SOC) Service

Telesoft's in-house, UK-based Security Operations Center offers a Managed SOC Service to continuously monitor and detect threats within an organisation’s network. Our team of expert analysts utilise the TDAC Platform to gain full network visibility and conduct proactive threat hunting 24/7/365.

Our cyber team will monitor your network environment, including cloud applications such as Okta and other IAMs, rapidly alerting you to any suspicious or malicious activity, including unauthorised logins to your organisation's IAM application. Based on your organisation’s requirements, our team can also provide active response, isolating suspicious servers and / or suspending rogue users, preventing the breach from escalating.

Conclusion

Identity access management platforms offer significant benefits in terms of centralising user authentication and enabling secure access controls. However, as with any centralised system, IAM platforms also introduce risks if not properly secured. Recent breaches such as the MGM Resorts attack, highlight the need for robust security practices.

Organisations must implement a layered approach to securing their IAM platforms and integrations. Policies, access controls, active monitoring, and incident response plans are all critical. Leveraging solutions services such as Telesoft’s UK Managed SOC Service can also help to reduce risk by identifying and remediating threats and vulnerabilities in real-time.