
Password management: a traditional approach is insufficient

by admin

Why, according to Paolo Lossa, Country Sales Director of CyberArk Italia, the traditional approach to password management is no longer sufficient.

What if inadequately protected passwords were the only obstacle separating attackers from an organization’s sensitive data and assets? Despite the danger that passwords can pose, managing them is often overlooked. Most companies don’t use enterprise-grade security to protect themselves. Instead, they prefer traditional and outdated password management tools that can lead to so-called “password fatigue”.


Also, many of the apps used in the workplace don’t take advantage of modern identity protocols. While most integrate with single sign-on solutions to avoid password management issues, some applications still require a separate username and password. To make matters worse, any user today can become privileged under the right circumstances, based on the resources they access, leaving companies even more susceptible to security breaches.

Data from the Identity Security Threat Landscape 2022

According to CyberArk’s Identity Security Threat Landscape 2022 report, an average of 47% of Italian employees today have particularly high access to corporate resources. Criminals have increasingly focused on exploiting lax practices to breach an organization’s network, and on studying methods to improve their chances of access. When you consider that an average employee owns approximately 100 passwords, it’s a gold mine of opportunity.

Worrying but common scenarios

When it comes to passwords, these are just a few common scenarios of particular concern:

  • Passwords that are easy to guess and do not meet strength requirements
  • Reused passwords for business, personal and social media applications
  • Passwords stored insecurely in spreadsheets, sticky notes and in the browser
  • Passwords communicated from one user to another through email, messaging apps, and more

Mitigating password management issues

The first thing to consider is the management of employee passwords and their security, protecting them and maintaining their complexity over time. It must be recognized that the passwords of all personnel must be protected with the same approach applied to privileged user credentials. If attackers treat employee credentials as privileged, so should corporate executives.


Five stages of password management security

In general, when frequently used applications are accessed outside the company’s security controls, there is no way to track activity, control the strength of passwords, and revoke access to them when they are no longer needed. There are five steps any security team looking to improve workforce credential protection should explore.

1. Advanced authentication. An essential first step that combines intelligent authentication with an improved user experience. It requires a form of adaptive MFA that can vary the difficulty of authentication challenges based on real-time information about user behavior.

2. Storage that prioritizes security. This involves researching ways to introduce vault-based storage for workforce credentials, with the flexibility to define how accounts and credentials are stored, managed and retrieved. For example, an enterprise-level tool might provide the security administrator with options to automatically archive new credentials in self-hosted vaults and allow users to retrieve them without connecting to a VPN.


3. Management and secure sharing of credentials. This allows users to securely share credentials without revealing passwords. It also provides the ability to protect privacy by controlling who can share, view, and change credentials; to impose time limits on access to specific applications; and to manage the transfer of credential ownership to new users.


4. End-to-end visibility. This implies that security controls go beyond the point of authentication. Companies should look for a way to require an extra layer of protection that allows all actions to be monitored and logged once the user is logged in, with the support of a complete audit trail.

5. Secure and frictionless user experience. This last step requires companies to manage and secure workforce passwords with tooling that can: easily integrate with corporate directories and third-party identity providers; recognize when users enter credentials and offer to save them in a secure, vault-based location; automatically and securely complete credential fields for a quick and hassle-free login experience; and generate unique and strong passwords for users whenever needed.

The need for a holistic approach

These five steps build a risk-based, holistic approach to identity security, helping companies enforce consistent privilege checks. They also underline the fact that greater complexity requires tighter controls for sharing and transferring passwords. This is a broad strategy, all the more necessary given the amount of sensitive data that employees can access every day. It prevents workers from taking shortcuts that can unintentionally create openings for malicious people to enter the corporate network.
