Modern IT Infrastructure demands Low Friction and High Security

ARCON’s marathon with the virtual summits continues! To expand IT security awareness among global enterprises amid digital transformation, ARCON participated at the CIO Axis Roundtable Summit 2020 on 20th August 2020. Mr. Anil Bhandari, the Chief Mentor of ARCON was the speaker of a keynote session discussing the transformation of the current state of cybersecurity by reducing the friction and striking the right balance between IT security and user experience.

Key Takeaways from CIO Axis Summit
While speaking on “Bridging the Gap between Low-Friction and High-Security Identity Management” at the summit, Mr. Bhandari enthralled more than six hundred attendees in his concrete 20 minutes session. The major takeaways from the summit are as follows:

• Identity with a VPN and device-based security is getting obsolete in today’s user behaviour-centric security technologies. The recent advent of a remote workforce is driving the core of IT security more towards suspicious user behaviour rather than just restricting access to critical systems/ devices.
• Today CIO community agrees on “More the authentication that you require, more the challenges a user has to go through” – which means the trend is taking us towards more of a state where less number of user authentication processes provide more access control security. This means, just because you have multiple authentication mechanisms it doesn’t mean that there is strong security in your IT environment. It can lead us towards a high friction zone where the robustness of Identity Security might turn low.
• The most interesting model of IT security today is an outcome-based model where organizations get inclined more towards a fruitful result than just deploying a traditional security mechanism. For instance, in banks, we no longer just deposit our money just to keep it safe, we calculate and check out the amount of return we can get from just depositing it for a certain period. Another interesting use case is from the education industry where the students are more targeted as per their skills and key expertise rather than just providing general education to one and all.
• The entire world is getting inclined towards an automated IT security model where the users, privileged users, super admins – all are monitored in real-time and their access to critical systems is time-bound.
• In the virtual world, Low-friction is a necessity today. We are dwelling in an era where high-security is prioritized by any and every organization everywhere. Low-Friction ideally means the ability of the end-users or rather the daily IT operations team to have an experiential outcome whatever application or critical systems they access inside the organization very seamlessly. That would raise productivity towards a high level with a robust IT security. ARCON as a brand with advanced risk-preventive solutions always improvises on the solution features according to this “Low-friction and High-security” model.
• Just-In-Time Privilege Security tool offers the best Privileged Access Management practices by removing the risk of standing privileges with the principle of least-privilege principle. It nullifies the chances of data breach incidents majorly by malicious insiders or unrecognized third-party by misusing privileged rights.

Privileged Access Management – An Overview


Key Takeaways from IndoSec 2020
The latest trends in adopting digitalization continue to happen across the globe. At the same time, security vulnerabilities are also arising rapidly and simultaneously. The digital ecosystem is turning worrisome day by day. Recently Mr. Anil Bhandari, the Chief Mentor of ARCON was the speaker of the keynote session on “NextGen Approach to Digital Identities & Vaults” at IndoSec 2020 virtual conclave on 26th August 2020. The key takeaways from the session are –

• Today, data breach is a common incident. Hacking techniques are turning sophisticated day by day and even big names are not spared. Both on-prem and cloud infrastructure today are prone to cyber threats. Almost 47% of organizations store data on the cloud, third-party servers and hybrid environments which expands the threat surface.
• Password Management has been observed to be the most discussed yet most neglected part of IT security. Almost 70% of organizations even today manage passwords manually which increases risks.
• “Low-friction High-Security” methodology has become the need of the hour due to WFH scenarios across the globe. The entire world is working on virtual access where people are working remotely, earning from home and students are learning from virtual classrooms. In this backdrop, as ARCON experienced with most of its customers, VPN access, slow internet, IT security remains the major areas of concern.
• During the pandemic, organizations had to spend thousands on laptops and are struggling to overcome various access challenges such as limited access licenses, slow access, user access permissions, critical data access, privileged access, just-in-time access etc. As a result, the “High-Friction Low-Security” methodology has taken the front seat with a lot of daily IT operations challenges across the enterprise network.
• High-frequency authentication might not lead to higher security. This results in immense frustration from the user point of view because once the authentication processes happen at multiple levels with multiple times, the robustness of the security might turn low especially in the remote workforce.
• ARCON recommends ring-fencing critical identities in an enterprise to ensure smooth IT operations. The conventional controlled access suggests end-users to be on software applications and super-users on software Apps. The attackers always try to gain access to super-user passwords because super users provide complete control of the critical systems.
• Almost 72% of the respondents agreed that privileged identities are major areas of concern. Even in today’s time, when the entire CIO community shouts for robust privileged access security, the organizations are still way behind materializing the necessary deployments. Multiple data centers, critical systems, database servers, business applications, operating systems or even critical devices are accessed through privileged identities which multiples the risk each and every day.
• The device population is exploding significantly across the globe. While the world has 7 billion people, the number of devices has gone up to 15 billion and is expected to reach 50 billion in the next ten years. IoT, APIs, BOTs are coming up significantly across the globe and the number of identities is going to skyrocket in no time. Hence, protecting these identities from malicious elements is the last thing that we would look forward to.
• Work From Home (WFH) practice has necessitated the implementation of secured remote accesses to business-critical applications and systems. Organizations require a robust IT security mechanism to manage, control, monitor remote access and the IT risk management team is more agile in establishing trustworthiness.
• Social Media is one of the simple yet critical areas where organizations are spending bombs to ensure secured access to the accounts. If the social media activities are controlled and managed by third-party agencies then the risk increases exponentially. But are they taking adequate measures to secure the shared credentials? Organizations allow external agencies to handle the social media activities and a single mistake anywhere might lead to a massive cyber catastrophe.
• ARCON even discussed high digital investments where business models, business modules and overall IT security are taking a different turn. With outcome-based models, organizations are more inclined towards user behaviour centric security rather than conventional device-centric security. In the age of automation, monitoring the users and their activities is drawing more attention rather than just preventing them from accessing business-critical applications or systems.
• Lastly, keeping the demand for Zero Trust security infrastructure in mind, ARCON’s security solutions are always a step ahead with the robustness of risk-predictive mechanisms rather than risk-preventive ones. The Predict | Protect | Prevent model of ARCON enables us to build a Zero Trust framework around privileged identities.

The Bottom-line:
The entire world is gearing up for a digital age where automation is going to take the front seat in every industry. For this, monitoring super-users and their activities are going to be the most-sought security requirement in all geographies. Prediction of cyber risks is more prioritized than preventing risks. ARCON participating in virtual IT conclaves are always emphasizing identification of the trustworthiness of the users rather than just preventing them from accessing critical systems or applications.

ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables to monitor end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.