Protecting agency assets begins with identity-centric security -- GCN gcn.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from gcn.com Daily Mail and Mail on Sunday newspapers.
The Challenge of Securing Non-People Identities
Non-people identities, which can act intelligently and make decisions on behalf of a person s identity, are a growing cybersecurity risk.
Eric Kedrosky
April 29, 2021
PDF
From SolarWinds to Ubiquiti, data breaches have stormed recent headlines, and they all have one risk in common: non-people identities. As affected enterprises recover, there s debate over why these breaches happen and how cloud security can improve. But one thing everyone can agree on is that traditional security is dead, and cloud is the killer. The paradigm has changed, and traditional security approaches no longer work. People and non-people are the new battlegrounds. As US Cybersecurity and Infrastructure Security Agency technical strategist Jay Gazlay said during the most recent Information Security and Privacy Advisory Board meeting, Identity is everything now.
(Source: Mike via Flickr) The SolarWinds supply chain attack should prompt federal agencies and others to rethink how they approach security issues - especially identity and access management, according to a breakdown of the attack presented this week by the National Institute of Standards and Technology and the U.S. Cybersecurity and Infrastructure Security Agency.
At NIST s Information Security and Privacy Advisory Board meeting, Jay Gazlay, a technical strategist with CISA who has been examining the attack since it was first disclosed in December 2020, presented an analysis of what the agency has learned about the attack to date. That included a detailed timeline of how the hackers implanted a backdoor in a software update for SolarWind s Orion network monitoring platform. The update with the backdoor was eventually installed by about 18,000 of the company s customers.