How many times have we forgotten the User and Password of our Amazon account and started the onerous task of credential recovery with no small amount of disappointment thinking, "but why is everything always so complex?"
This time-consuming and cumbersome operation is for us to retrieve the data we need to make our online purchase, but it is mainly for the platform in question, in this case Amazon, to protect access to our account from bots or possible malicious attackers.
The complex of operations and applications governing user and credential management is called Identity and Access Management (IAM). It is a concept with which we will need to become more and more familiar, since technological innovation and increasing digitization demand its use.
Identity and Access Management and Cyber Security
When talking about Identity and Access Management, one cannot avoid a meaty reference to the sensitive topic of Cyber Security. It is no mystery that businesses and governments are increasingly sensitive to the topic and that their most sensitive data and information are bound sooner or later to move from the very heavy and very expensive Hardware infrastructures to the Cloud.
However, these Cloud platforms must be accessed by a plurality of accounts and identities, both human and non-human, and it is therefore crucial to have an Identity and Access Management system that does not hinder access to information by the people who have to work with them but, on the contrary, prevents with absolute certainty that some malicious person can appropriate even very important data.
Protect your sensitive data from unauthorized access
But there is, if possible, a further complication: let's think about the case of a classic company. The CEO with his own account should have access to all relevant information about the company and its employees: he or she should be able to view invoices, outstanding contracts with suppliers, personnel contractual situations, and so on. Employees will not. Depending on their functions they will only be able to some of the information on the Cloud, specifically the ones related to their role. Just think if all employees could see their colleagues' paychecks: that would be a disaster.
Setting up an effective and functional User and Credential Management system also means this: opening and closing the view of certain data depending on access permissions.
What are the risks of an ineffective User and Credential Management system?
The risks associated with using an underperforming Identity and Access Management structure are very high. We can group them into 3 sets:
According to the 2019 Data Breach Investigations report, 34% of data breaches were carried out by internal company personnel, and in 15 percent of the cases, this breach involved the unauthorized use of confidential information. Particularly affected were the insurance, financial, manufacturing, trade, and public administration sectors.
In the case of a classic company active in manufacturing, there will be suppliers of raw materials and banks lending money to the company to purchase them. Imagine what could happen if an employee could have access to accounts receivable and supplier accounts at the same time. He could create fictitious invoices and pay them with the company's money without, of course, anyone upstairs being able to authorize or supervise the operation.
In this case, it is not so much sensitive corporate data that is at risk, but personally identifiable information. The HR department may need access to an employee's medical history, but that does not mean that his or her health status, current and past, must be accessible to other levels, including management. Privacy is also a hotly debated topic these days, so making sure you have an infrastructure in place that can protect it with the utmost seriousness becomes more crucial than ever.
Identity and Access Management… as a Friend!
At Goodcode, we have helped so many companies create a User and Credential Management system that is reliable, accurate and does not allow access to sensitive data by malicious or unauthorized figures.
Specifically, the services we integrate within our IAM platforms are:
- User Database (User Pools)
- Standard Authentication or MFA
- Single Sign On Authentication
- Amazon AWS Cognito Integration
- User Behavior Monitoring
- Amazon AWS Cognito User and Credential Management
- User and Credential Management
A friend knows how to protect you, and we would be happy to protect your company's sensitive data and provide you with a first-class Cyber Security system. For more information, write to us here.