Secure access to data – why is it so important now and how to implement it in a business setting?

The term “cloud computing” was first used in 1996. 3 years later Salesforce, as the first company in the world, provided an application that could be used over the Internet. That was the big change which started the digital transformation of business. This process has shifted to top gear in recent months. Are companies prepared for these changes? How to ensure data security in this increasingly digitalized business environment? Solutions which protect and monitor digital identities provide the answer to this question.

Before the wide spread of cloud-based applications and the ensuing modifications in the collaboration with customers and contractors, companies functioned in a quite hermetic environment. On a daily basis, employees used data available on company servers. They connected to those servers with company computers within the internal company network. If they worked outside the premises, they accessed databases and applications via VPN. The entire infrastructure was under the control of the IT department.

Business requirements and the market competition made enterprises move towards flexible applications and services available in the cloud. This trend was reinforced by new models of work which became widespread. The access to company systems had to be provided to employees dispersed in various locations as well as to other associates, contractors, customers. This also included access from applications and devices unauthorised by IT departments.

Obviously, the pandemic has resulted in the considerable increase in the number of logins to company systems from outside the internal infrastructure. There are more users operating outside the network, using unsecured equipment and external applications. This means a growing number of credentials which can be targeted by hackers. And they are targeted, since the FBI report from April 2020 indicated the increase in cyberattacks by 400%, says Krzysztof Andrian, CEO at Concept Data. That is why digital identities, i.e. electronic information which allows to identify the user, require special protection measures.

How do hackers use digital identities?

First, hackers obtain credential by phishing (according to Barracuda’s study from March 2020, the number of spear-phishing attacks grew by 667%) or by sociotechnical attacks. The source of the leak could also be the company’s internal applications which are insufficiently secured.

Second, hackers use the credentials to enter the company systems. They look around for other gaps and weak points to get privileged access which will open the way to sensitive information: personal data, financial data and intellectual property.

Third, when they have access to key resources, hackers carry out the proper attack – they steal or encrypt data and they demand ransom for unblocking the access (the MonsterCloud analyses from August 2020 indicate that the number of ransomware attacks increased by 800%).

Zero Trust – an effective way to fight cybercriminals

How do companies try to protect their system users’ identification data? Usually, they implement the policy of strong passwords which should often be changed. But this is far from effective. Employees are unable or unwilling to remember complex login credentials. That is why they fail to follow the guidelines or they forget their passwords, making IT administrators spend a lot of time on renewing the access to systems and applications.

It is an inefficient system which consumes time and resources which could be used for more effective efforts. In addition, even complex credentials can be stolen and used for accessing the company systems and go through with a cyberattack. A much more effective approach is provided by the Zero Trust solutions, says Krzysztof Andrian.

The Zero Trust model assumes that each person in the company’s internal system is a potential suspect. That is why we verify the person’s identity, we check the device the person uses to log into the system and we ensure that the person has no access to data which he or she does not need.

Zero Trust is based on four rules:

1) Strong authentication (multi-factor authentication, using authentication elements other than passwords, e.g. biometric tokens, and secure methods of access managements such as single sign-on)

2) Contextual authorization (secure access for privileged users, applications and identities other than human and the least privilege principle on all platforms, at all endpoints and in all applications)

3) Easy access (one console for administering, sharing, providing access and securing all identities and types of resources as well as automated user service, e.g. in terms of resetting accounts and passwords)

4) Audit and accountability (monitoring of access-related activities and risk identification as well as responding to suspicious behaviour in real time)

Our offer includes many solutions which help to protect company data and digital identities in the Zero Trust model. These solutions include products from the portfolio of CyberArk, our technology partner. We will be glad to help all enterprises and institutions that want to enhance the security of the crucial resources, adds Krzysztof Andrian.

More about data security:

Secure cloud controlling privileges via CyberArk Cloud Entitlements Manager

Imperva SONAR. A new dimension of data analysis and security

If not VPN then what? The undeniable benefits of Zero Trust solutions