In recent years, a continuing stream of stories about breached customer data and millions of dollars in losses has highlighted the critical role that identity and access management can play in maintaining a secure and compliant environment.
Given that reality, my colleague Pam Dingle, from Ping's CTO office, recently hosted a Webinar with Idan Shoham, CTO of Hitachi ID Systems, to discuss identity and access management in terms of secure, compliant environments.
Access management controls and auditability can be difficult to implement even in the most homogeneous environments.
This is a particular issue for those who must adhere to the Payment Card Industry Data Security Standard (PCI-DSS), a set of minimum security guidelines put in place to protect sensitive credit card data.
Underpinning the standard is ensuring only the right people access the right data at the right time and from the right device - combined with the traceability and accountability of who did what and when.
While PCI-DSS isn't new, we continue to hear about companies that suffer theft of customer data that often results in millions of dollars of losses each year. And those stories include organizations that have achieved PCI compliance. Just last week, Schnucks, a St. Louis-based grocery chain, announced that between Dec. 2012 and March 29th hackers had raided its systems to steal 2.4 million credit and debit card numbers, despite compliance efforts and audits.
According to Verizon's 2013 Data Breach Investigations Report released April 22nd, one of the biggest areas of vulnerability continues to be authentication, specifically authentication-based attacks, which are now the predominant way hackers attack networks. The report states:
"The easiest and least-detectable way to gain unauthorized access is to leverage someone's (or something's) authorized access. Why reinvent the wheel? So, it really comes as no surprise that authentication-based attacks factored into about four of every five breaches involving hacking in our 2012 dataset. Nor is it all that surprising that we see this year after year."
In Part One of Pam's three-part Webinar series on compliance, Idan covers best practices with simple, straightforward advice on what companies should be doing with identity and access management to: