A CISO’s Perspective on Conditional Access
Why did 120 people stand for 20 minutes to hear one talk — and miss out on dozens of other talks, 50+ vendors, and all the Gartner IAM 2019 Summit had to offer?
Magic? Cool Preempt swag?
No, something even more in demand: Conditional access.
At Preempt Security’s showcase talk at the Gartner IAM Summit recently, Intralinks CISO Anjan Bagchee provided his perspective on how a security leader should plan, implement, and benefit from conditional access. The audience was committed because his was a hands-on, real-world perspective.
While we can’t fully replicate the examples and anecdotes Mr. Bagchee gave in his talk, we can provide a summary of what he recommended when embarking on a conditional access program. His talk outlined two basic phases:
- Assess the current environment, and then
- Evaluate a solution to fill gaps
Examining the gaps
While an organization may have numerous gaps, the focus on critical areas will accelerate risk reduction.
Specifically examine the risk associated with:
- Privileged accounts
- High-risk accounts
- Understanding risky behavior
And then determine the effectiveness of conditional authentication already in place. In addition, it is important to inventory the visibility and risk levels of on-premises and cloud user directories to ensure complete coverage.
“Be more proactive about threats that are targeting credentials.”- Anjan Bagchee, Intralinks CISO
Users are the one of the most important assets in an organization. So while we seek to protect them and their activities, we also need to be careful not to introduce too much friction that will limit their core business function.
Considering this balance of usability and security, organizations should evaluate solutions for three areas:
- How well does the solution show and understand the risk levels and activity of passwords of all accounts and more specifically privileged accounts?
- Can the solution provide real-time, complex detection of anomalies? In other words, not waiting for SIEM analysis or post-event threat correlation.
- How easy, but flexible, is the policy engine to adapting to the risks and unique elements of your environment?
In the talk, specific details around what visibility and adaptive responses would be required were discussed, along with examples.
Judging by the interest in this talk, many organizations see conditional access as both reducing risk, as well as reducing friction associated with traditional security solutions.
If you would like to learn more about conditional access or obtain the presentation deck from the Gartner IAM Summit, please contact us.
Posted by Kapil Raina on December 20, 2019 11:16 PM