Last month, our top Identity and Access Management (IAM) experts escaped the Texas heat and traveled to Albany, New York for the 22nd Annual New York State (NYS) Cyber Security Conference. Hosted by three organizations, the New York State Office of Information Technology Services, the University at Albany School of Business, and The New York State Forum, Inc., this two-day conference is part of a statewide effort to increase cybersecurity awareness.
For us, the main highlight of the event was our interactive presentation on Exception Handling for Access Management - Contingent Users & JIT Access, delivered by Mark Brooks, Identity Automation’s Director of Sales Engineering. This well-attended session explored temporary access needs and how to handle external users—a small but often forgotten subset of any organization’s workforce.
We were excited to return to this year’s NYS Cyber Security conference where our IAM experts had the opportunity to network with IT professionals spanning multiple industries, including public sectors in government and education, as well as private sector organizations.
Conference Themes and Highlights
While the two main hot-topics that kept coming up at the Identity Automation booth were identity lifecycle management and multi-factor authentication (MFA), our presentation also fueled interesting discussions related to access management. The session delved into the concepts of least privileged access and exception handling with just in time access, as well as offered a chance for open discussion with questions, such as, “When someone leaves your organization, do you have systems in place to automatically deprovision access to all accounts?”.
Our presentation exposed how insiders are by far the weakest link in most organizations’ security model. Their threats range anywhere from accidentally not logging off of a computer, to password sharing, to falling for malware and phishing attacks that give an outsider control of an internal account.
These are just a handful of the many reasons why companies rely on an Identity and Access Management (IAM) solution to minimize cybersecurity risks by managing employees’ identity lifecycles. This includes authorizing access to information, managing access changes, and removing access when a person leaves the company.
However, there is another, separate segment of the workforce that often isn’t covered: contingent workers. No longer just temps or seasonal workers, today’s contingent workforce represents a growing and important part of a company’s personnel and includes skilled contractors, subcontractors, and partners.
Yet, most companies do not include contingent workers in their overall security models. All too often, the access management process for external users, such as contractors, involves ad-hoc requests, handled manually by the helpdesk or IT personnel. Unfortunately, this lack of centralized oversight leaves the door wide open to attack.
Attendees of our session, Exception Handling for Access Management - Contingent Users & JIT Access, had the opportunity to learn how to evaluate their organization’s current processes and how they can be automated with modern IAM to close security gaps and ensure proper visibility. It’s critical that future security models take a more holistic approach by applying rigorous employee identity management and governance controls to all users, including the entire extended workforce, to reduce the risk of significant and costly breaches.
Continuing to Network and Engage in the Cybersecurity Landscape
This year was Identity Automation’s second time attending the NYS Cyber Security Conference— and we’re already looking forward to next year! We enjoyed the chance to join and network with the other 1,300 other conference attendees and be a part of the discussion on how to reduce the risk of cybersecurity threats.
If you missed us in Albany, there are still plenty of other opportunities this year to meet the experts at Identity Automation. Next up on our events calendar is the Florida Association of Educational Data Systems, better known as FAEDS, which takes place September 15-18, 2019 in Orlando, Florida. Make sure to stop by booth 41 and say hello!