May 6, 2019
Zero Trust
SSO

Imposter Syndrome: Why You Can’t Separate the ‘Good Guys’ from the ‘Bad Guys’

Corey Williams, Vice President, Marketing – Idaptive

Last week, I shared some thoughts around how the former king of cybersecurity, the strong perimeter defense, had been dethroned. Adoption of the cloud and mobile has blown open too many holes in traditional firewalls, and resources (data, applications, infrastructure, devices) are becoming increasingly hybrid or even located outside of the perimeter entirely.

When it comes to identity and access, it’s becoming harder, if not impossible, to distinguish the “good guys” from the “bad guys.” So, how do we separate bad actors from good actors without introducing massive inconveniences to users?

The answer lies in a Zero Trust approach to security.

Zero Trust means “never trust, always verify.” While that might sound obvious for IT and security professionals, the nuance lies in reducing our faith in those perimeter systems alone to keep bad eggs out.

“Knock, Knock” – “Who’s There?”

Today, identity attacks (such as stolen logins or passwords) cause 10 times as many breaches as security vulnerabilities, unpatched servers, malware, and the like. While those additional layers of security do matter, organizations must address the vulnerabilities that accompany identity.

This comes into play with something like Single Sign-on.

Single Sign-on (SSO) has some great security benefits, such as access through one portal and cutting down on the overall number of logins and passwords that users need to remember. But what happens if that person loses their device or those credentials are compromised? There’s a security gap and malicious actors now have free rein inside your domain.

The obvious solution is to balance SSO with something like Multi-factor Authentication (MFA), which sends unique codes or tokens to users every time they attempt to log in. But wait, now the experience is cumbersome for users who are doing the right thing 99 percent of the time. How can the need for both security and a better user experience be achieved?

Building Trust Through Context

Most people understand that a user being connected to the network doesn’t mean that they’re trustworthy. However, by learning from users’ habits and routines, organizations can start to learn or build “trust” for them through their login context.

This is called behavior-based access, and it’s the hallmark of next-gen identity and access management.

With the right technology, companies can leverage artificial intelligence and machine learning to understand when a user deviates from their normal behavior – such as if they’re on a new device or traveling – and, in that case, grant access only once another token of authentication has been verified.
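One way the behavior-based access described above could be implemented, as an added example that is not Idaptive's code: a rule-based stand-in for the AI/ML scoring the article mentions, in which the names `Login`, `Profile`, `decide` and the 300 km radius are assumptions. The baseline is updated only after a verified login, so a stolen password alone cannot teach the system a new device or location.

```python
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt

NEAR_KM = 300  # assumption: within this radius of a verified place counts as routine

@dataclass(frozen=True)
class Login:
    device_id: str
    lat: float
    lon: float

@dataclass
class Profile:
    """Per-user baseline, learned only from logins that were fully verified."""
    devices: set = field(default_factory=set)
    places: list = field(default_factory=list)  # (lat, lon) of verified logins

def km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in km."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    h = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def deviations(profile, login):
    """Reasons this login departs from the user's normal behavior."""
    reasons = []
    if login.device_id not in profile.devices:
        reasons.append("new_device")
    if all(km(login.lat, login.lon, *p) > NEAR_KM for p in profile.places):
        reasons.append("new_location")
    return reasons

def decide(profile, login, mfa_ok=False):
    """SSO alone for routine logins; any deviation needs a verified second factor."""
    reasons = deviations(profile, login)
    if reasons and not mfa_ok:
        return "step_up", reasons  # nothing is learned from an unverified attempt
    profile.devices.add(login.device_id)
    if "new_location" in reasons:
        profile.places.append((login.lat, login.lon))
    return "allow", reasons

def demo():
    """Constructed logins: enrollment, routine use, travel, then a stolen password."""
    p, home, away = Profile(), Login("laptop-1", 37.77, -122.42), Login("phone-1", 51.51, -0.13)
    steps = [(home, True), (home, False), (away, False), (away, True), (away, False),
             (Login("unknown-pc", 37.77, -122.42), False)]
    return [decide(p, login, mfa_ok)[0] for login, mfa_ok in steps]
```

The last constructed step is the stolen-credential case from the SSO discussion: the location is familiar, but the unknown device alone forces the extra factor.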

While trust takes on a slightly different meaning in cybersecurity, it also means something important to the end user. The need to balance security without hampering their experience is paramount today.

But verifying every user is just one component of the Zero Trust model. In our next blog for this series, we’ll cover how (and why) you must validate every device.

Corey Williams


Corey Williams is the Vice President of Marketing & Strategy and lead evangelist for Idaptive, leading all marketing functions, as well as market development and strategy. Corey served as the Senior Director of Products and Marketing for more than a decade at Centrify where he was the visionary behind, and the first product manager of, the set of products that were ultimately spun out of Centrify to become Idaptive, including leading SaaS services for Single Sign-on (SSO), Adaptive Multi-factor Authentication (MFA), endpoint and mobile context, and User Behavior and Risk Analytics (UBA).

 While at Centrify, Corey defined and brought to market seven net-new product offerings directly contributing to the growth of the existing customer base from less than 400 customers to over 5000 customers. He also led efforts with major industry analysts that directly resulted in Centrify being named as a leader in all of the major analyst reports including the Gartner Magic Quadrant and Critical Capabilities reports for Access Management, Worldwide; Forrester IDaaS Wave; KuppingerCole Cloud MFA Leadership Compass; and Network World Clear Choice Winner for Single Sign-on Solutions.

Corey is a frequent speaker and commentator on IT Security and IT Management. He has authored several publications, including “Zero Trust Security for Dummies”, a leading guide for enterprise managers.

Prior to Centrify, Corey led products and marketing for SpikeSource (acquired by Black Duck Software), Syndera (acquired by Tibco), and Journee Software (acquired by Initiate Systems). Earlier in his career, he managed pre- and post-sales consulting for Active Software (acquired by webMethods). 

Corey holds degrees in Mathematics (BS) and Computer Science (BS) from New Mexico State University, as well as an MS in Engineering and an MBA from San Jose State University. 

CHAMELEON-LIKE SUPERPOWER

If Corey could have any chameleon-like superpower, it would be the chameleon's tongue, which is ridiculously fast. Some of the world's smallest chameleons have the world's fastest tongues. In automotive terms, the tongue could go from 0 to 60 miles per hour in a hundredth of a second! “I would be able to complete webinars in 4.5 seconds instead of 45 minutes!”