Breach Happens. Got the Right IAM?

It seems as if a week doesn’t go by without us hearing about a security breach that takes down a government installation, causes havoc among companies across an industry, or steals the private data of millions of consumers.  It’s true - in fact, there was nearly a breach every day in 2018 and 342 breaches in the US alone. That’s what our research shows in The Consumer Data Breach Report compiled and published by us at ForgeRock. 

Data Breach Stats

The research looked at all the publicly reported breach data in the United States between January 1, 2018 and March 31, 2019 to get a better understanding of the types of breaches that have occurred and the efforts to guard against and thwart them. The results are enlightening, surprising, and alarming. Here are some of the highlights:

  • 2.8 billion consumer records were exposed in 2018

  • The estimated cost of all these breaches is $654 billion based on the Ponemon Institute’s findings for the average cost of a security breach*

  • Personally Identifiable Information (PII) is the most sought-after data in a security breach

  • Healthcare is the most vulnerable industry and accounted for 48% of all breaches, followed by financial services and government

  • 34% of all attacks involved unauthorized access

  • Enterprises invested $114 billion in security products and services in 2018 -- an increase of 12.8% from the previous year

It’s no surprise to most of us that there is a direct correlation between increased connectivity/adoption of new technology and the rise in malicious activity.   The more we invest, the more mission-critical these systems become and the more committed we get to preserving that investment. The result is that the impact of breaches continues to rise every year despite the increase in spending on security.

We also noticed the high proportion (one in three) of attacks that involved unauthorized access.  But if you stop to think about the rapid transformation in technology and our usage patterns, it becomes more obvious.  The internal network with a perimeter of protection has disappeared – people connect from anywhere. They use a plethora of devices – most of which are personal. They share a lot more personal data than they ever have before.  The traditional assumptions of access control no longer apply to our new interconnected world. However, many organizations still depend on legacy identity and access management environments for both their workforce and their customer-facing services.  These systems are often internally developed using legacy technologies or toolkits that have not kept up with the advances in technology. Furthermore, these systems have often been tailored for singular use cases that make upgrades both expensive and onerous.  

The results are IAM systems that are no longer effective in our modern environment.

The Imperative to Modernize IAM

According to Gartner, there are several key business drivers for modernizing traditional IAM**.  They include incorporating support for the following key capabilities:

  • Any user or thing – The IAM system should support all types of users including employees and customers.  It should also support things that need to have an identity and connect to resources.

  • Any device anywhere – Employees are no longer working from a designated office or using their company issued computers. And customers are global.  This means the IAM system needs to authenticate and authorize any device that connects from anywhere in the world.

  • Any application anywhere – The number of applications has exploded and they are no longer just within the corporate perimeter.  They could be on premise, a public SaaS application, or hosted on a public cloud infrastructure. They all need an identity and need to be authenticated and authorized to ensure security.

  • Take advantage of the cloud – Everything is moving to the cloud and so should identity.  This includes configurations of infrastructure as a service, platform as a service, and ID as a service.

  • Increase trust and reduce fraud – The ability to safely enable sensitive transactions with customers and partners by requiring and enforcing higher levels of security and assurance. Conforming with privacy rules and regulations is also an important component of building trust.

  • Leverage existing IAM investments – Few organizations can rip and replace everything.  Look instead at augmenting existing investments with modern advanced capabilities.

ForgeRock Modernizes Traditional IAM

ForgeRock understands these business imperatives and provides organizations with a robust and flexible platform that includes the core pillars of modern IAM.  These include:

  • Intelligent authentication with machine learning and AI – Going well beyond multi-factor and biometrics, ForgeRock incorporates machine learning, AI techniques and granular authorization policies to more accurately detect attacks and fraud.

  • Microservices design – With the increase of containerization and serverless cloud technologies, using a microservices architecture is becoming a common design method. ForgeRock allows you to effectively propagate identity information, which is crucial to securing these microservices and their interactions.

  • Flexible deployment options – Everyone is moving to the cloud, but the cloud means different things to different organizations – from private clouds to public clouds to SaaS applications.  ForgeRock can be deployed on any cloud, including hybrid cloud, and protects millions of identities in minutes.

  • Scaling for the Internet – If “identity is the new perimeter,” everyone and everything needs not only an identity but also the identity and access management that goes with it. ForgeRock has recognized this and designed its platform to scale to secure billions of identities at Internet scale.

Modernizing your traditional IAM infrastructure is essential to protect your workforce and customers from the breaches that continue to increase on the Internet. Whether you are using a homegrown system or a legacy environment such as from Oracle or CA Technologies, ForgeRock has resources to help you migrate to a modern infrastructure.

Here is more detailed information to  help with migration planning:

To learn more about ForgeRock Security and preventing data breaches, visit us here.

Sources:
* - 2018 Cost of a Data Breach Study by the Ponemon Institute, sponsored by IBM

** - The Evolving Architecture of Modern Identity, M. Ruddy, Gartner Research, 2018

Who Is Atri Chatterjee?

Atri is ForgeRock's CMO. He's got many years of experience in technology and marketing at companies like Zscaler, Symantec, McAfee and CipherTrust. He's curious to learn about new developments in technology, their security implications and the best way to tell their stories. 
