{"id":48347,"date":"2021-02-22T04:53:09","date_gmt":"2021-02-22T04:53:09","guid":{"rendered":"https:\/\/www.innovationaus.com\/?p=16206"},"modified":"2021-02-22T04:53:09","modified_gmt":"2021-02-22T04:53:09","slug":"security-credentials-and-the-remote-access-challenge","status":"publish","type":"post","link":"https:\/\/radiofree.asia\/2021\/02\/22\/security-credentials-and-the-remote-access-challenge\/","title":{"rendered":"Security credentials and the remote access challenge"},"content":{"rendered":"

Artificial intelligence technology<\/strong> could provide a solution to the growing challenge of securing access for remote office workers, without creating unreasonable hurdles to them working effectively and productively.<\/p>\n

With the surge in remote working resulting from the global pandemic, organisations are struggling to maintain security of remote access without placing too many impediments in front of staff and ensuring that measures are not circumvented by workers who just want to get on with their jobs.<\/p>\n

CyberArk\u2019s Australia\/New Zealand solutions engineering manager Andrew Slavkovic said the company was looking at how to enable a remote workforce to work efficiently and securely by restricting access privileges to only those needed.<\/p>\n

\"\"
Bridging the Cyber divide: CyberArk’s Andrew Slavkovic and Enex TestLab’s Matt Tett talk to James Riley from InnovationAus<\/figcaption><\/figure>\n

\u201cThat\u2019s a difficult endeavour,\u201d Mr Slavkovic said. \u201cWe want to review the ways that we can use something like AI to determine what level of privilege a user will need and then automatically predicting it, so the employee is not in any way hampered in regard to their performance.\u201d<\/p>\n

Further, he suggested AI could be used to help prevent security breaches. \u201cWe want to use AI more in our product set to determine, based on our past experience, a sequence of actions that could result in a malicious or suspicious sequence of activities, and automatically take action to prevent that from escalating.\u201d<\/p>\n

He said a technique for increasing remote access security was to provide users with the minimum level of access privileges required for them to fulfil their role and adjust this in real time.<\/p>\n

\u201cWe\u2019re talking about providing \u2018just-in-time\u2019 privilege as a mechanism and escalating that privilege access as and when required, then stripping it back to the minimum level when it’s no longer needed.<\/p>\n

\u201cThis can be a quite powerful tool, because if that individual account is compromised, what an attacker can do is very limited. They’ll have to discover another account or another identity that is more important to be able to move laterally within the network to obtain whatever target they want.\u201d<\/p>\n

Mr Slavkovic said remote access security had also been boosted through the control framework set out in the Federal Government\u2019s Information Security Manual<\/a> (ISM). \u201cThe ISM control framework has a whole section around remote access. So, in theory, an organisation should have confidence that if they follow the framework, they will have a level of assurance that they’re going to be secure.\u201d<\/p>\n

Mr Slavkovic spoke with InnovationAus\u2019 James Riley, with Matt Tett, chairman and managing director of Enex TestLab, as part of the series, Bridging the Cyber Divide<\/em><\/a>.<\/p>\n

Mr Tett said the government was changing its approach to ensuring security in government organisations \u2013 through audits and certification \u2013 to ensure organisations had sufficient policies and procedures in place to be secure. However, many breaches occurred because these policies and procedures were not adhered to.<\/p>\n

\u201cUnfortunately, a lot of the incidents that we see occur are because people have circumvented the protocols or the procedures which have been put in in place.<\/p>\n

\u201cIf security gets in the way, people will generally find a way of circumventing it; and it’s no different whether you’re working in an organisation, whether you’re in a home environment, or whether you’re in a government department.\u201d<\/p>\n

Mr Tett said the government had shifted the focus from certifying individual products to certifying organisations. The Australian Signals Directorate has recently revamped its Information Security Registered Assessors Program (IRAP<\/a>) under which it endorses cyber security professionals to help secure industry and government information systems.<\/p>\n

\u201cHaving independent IRAP assessors able to go out to agencies and work with the security teams on implementing procedures and policies and standards is very good,\u201d Mr Tett said. \u201cThey\u2019re performing due diligence, or an audit, on an organisation to ensure they have sufficient policies, procedures and practices in place.\u201d<\/p>\n

However, Mr Tett said the policies, regulations and standards needed to be measurable if they were to be effective. \u201cYou can have standards, you can have regulation, but you really need to make sure they’re measurable and actually working effectively. That\u2019s a critical thing.<\/p>\n

\u201cYou want to measure before and after \u2013 measure the benefit of implementing policies and procedures, draw a baseline somewhere, and once you have that baseline, you can measure the maturity of those departments\u2019 and agencies\u2019 security models, rather than just measuring them by the number of incidents that they’ve actually had. It\u2019s better to measure the prevention rather than the cure.\u201d<\/p>\n

The Bridging the Cyber Divide<\/a> podcast series is produced as a partnership between InnovationAus and CyberArk.<\/em><\/p>\n

The post Security credentials and the remote access challenge<\/a> appeared first on InnovationAus<\/a>.<\/p>\n\n

This post was originally published on InnovationAus<\/a>. <\/p>","protected":false},"excerpt":{"rendered":"

Artificial intelligence technology could provide a solution to the growing challenge of securing access for remote office workers, without creating unreasonable hurdles to them working effectively and productively. With the surge in remote working resulting from the global pandemic, organisations are struggling to maintain security of remote access without placing too many impediments in front…<\/p>\n

The post Security credentials and the remote access challenge<\/a> appeared first on InnovationAus<\/a>.<\/p>\n","protected":false},"author":626,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2382,1647,1937,9466,9467,9468,9469],"tags":[],"_links":{"self":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts\/48347"}],"collection":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/users\/626"}],"replies":[{"embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/comments?post=48347"}],"version-history":[{"count":1,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts\/48347\/revisions"}],"predecessor-version":[{"id":48348,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/posts\/48347\/revisions\/48348"}],"wp:attachment":[{"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/media?parent=48347"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/categories?post=48347"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/radiofree.asia\/wp-json\/wp\/v2\/tags?post=48347"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}