The IAM Revolution Gets an Ally
Identity is the new perimeter is becoming truer by the day as more and more research shows Identity and Access Management (IAM) will be the most important cybersecurity trend out there. And as a German MSSP called COMback shows, by using Clavister technology, those solutions can be delivered as a service.
It took some years but there’s no denying it anymore: we need to start dealing with a passwordless society. The password—that simple, ubiquitous personal property we use almost a hundred times a day to access our online accounts and networks—is reaching a dangerous point of no return in terms of both personal and business security. Consider these two examples: that of the Dropbox data breach that resulted in 60 million user credentials being stolen started with an employee reusing a password at work. Or another business example shows the financial cost of the password problem. Not applying a simple security patch cost Equifax somewhere between USD450 and USD600 million and countless hits to its reputation.
The World Password Survey from 2018 shows how we, everyday password users, simply can’t cope with this password onslaught. Consumers who responded to the survey have an average of 23 online accounts that require a password, but on average only use 13 unique passwords for those accounts. 31% only use two to three passwords for all their accounts so they can remember them more easily. And lists are far from dead, as the most common way to remember passwords is to keep a written or digital list of all passwords (52%). Verizon Data Breach Investigations Report states that over 70% of employees reuse passwords at work. The report finds a staggering “81% of hacking-related breaches leveraged either stolen and/or weak passwords.”
Luckily, an answer is at hand. The solution is called Multifactor Identification (MFA), one of the tools of IAM to solve the problem of authentication and who the user actually is. It’s based on a simple principal of something you know (your user ID) + something you have (eg a smart phone) + something you are (a biometric print). Using MFA can drastically reduce the threat surface and as such, is attracting a massive amount of attention. PAC UK and KPMG have research which shows that 92% of respondents to their survey stated IAM spending will maintain or increase in the next three years. And tellingly, the report shows that MSSPs will be a substantial part of this investment as deploying IAM solutions bespoke is a very complex and costly exercise. 57% of the survey were considering adopting a solution at least partly managed by a Managed Security Services Provider (MSSP) for their next IAM investment.
The report finds a staggering “81% of hacking-related breaches leveraged either stolen and/or weak passwords.”
The hosting is rendered on a dedicated EasyAccess Server in the COMback Cloud Environment. From there we offered it to some of our customers as a service in that cloud environment as well as an on premises offering. We waited to hear their feedback after they deployed the solution,” he describes of the journey.
The reports started to come back, the customers delivered their thoughts. Maurer, ever sensitive to customers trying new security technologies, nervously opened the first emails.
The reports were positive. He knew that he’d found an IAM solution that he could expand and recommend to his entire customer network. “Currently we have about 200 users secured with EasyAccess and OneTouch, with Yubikey Passcode as additional methods at various customers. And we have at least three more projects in the pipeline and we’re confident more will come. There’s a great customer interest in multifactor authentication and the level of enhanced security that it renders. It’s very satisfying to have an answer to a customer’s critical need. Clavister EasyAccess fulfills that requirement very well,” he declares. The COMback story proves that, by using an MSSP approach, MFA can be deployed as a very cost efficient, robust solution that will help companies join the IAM revolution.
Our experienced experts implement our managed services for you. Thanks to regular product training, our employees are always up to date with the latest technology and have a high level of knowledge. All COMBACK employees are security-checked according to strict criteria and publicly obliged to comply with federal and state data protection laws.
For more information visit: https://comback.de/home