Article by Auth0 CEO and co-founder Eugenio Pace
In an attempt to prevent the growing pandemic of cyber crime, hacks, and breaches, companies are turning to Identity and Access Management (IAM) as a crucial piece of the equation when building or modernising any application or web service.
In fact, a recent industry report by Report Buyer forecasts the world of consumer identity proofing, authentication, and authorisation will top the $37 billion value mark by 2023.
This growth comes as no surprise, with a whopping 22 million personal records exposed in the first half of 2018 alone.
In APAC, the figures are even more staggering – 67% of APAC countries suffered job losses as a consequence of cyber attacks in a single year, and recent reports measured the total economic impact of cyber attacks in APAC at an annual US$1,745 trillion – seven percent of the region’s total GDP.
Thankfully, identity access management is rapidly ascending on the Asia Pacific enterprise shopping list, and APAC accounts for the highest growth rate in the entire global IAM market.
Cyber crime affects every business - large and small - but the larger the enterprise, the more that’s at stake.
It’s vital to keep a finger on the pulse of emergent cybersecurity trends, and here are three that should be high on every APAC CIO’s agenda:
Recent IBM-backed studies estimate the cost of data breaches to be at around $3.72million each. Most of these breaches involve some sort of phishing, a form of identity theft that has been unswayed by old multi-factor authentication solutions.
The sophistication of these attacks are so high, and so pervasive, that traditional means of security user identity are falling short.
Using risk-based security and having measures in place to thwart the efforts of cybercriminals is much more effective.
Multifactor Authentication, Breached Password Detection, and Anomaly Detection are essential pieces of any IAM strategy, and users’ real-time data (including time, location, source device, browser and network reputation) are tracked to rate the security of a login attempt.
If flagged as suspicious, the attempt is red-flagged and these measures are put into place, providing additional layers of protection.
“Just like the size of an iceberg, the economic loss for organisations suffering cybersecurity attacks can be often underestimated,” warns Microsoft Asia enterprise cybersecurity group director Eric Lam.
Now, in the wake of the EU’s new GDPR regulations, these economic risks have increased tenfold for companies around the world, with fines of up to 4% annual revenue waving a warning flag.
Obviously, increased identity governance has had to take priority – even in non-EU countries – after the legislation placed identity ownership back into the hands of individuals, empowering them with explicit permission, the “right to forget”, increased transparency, permanency of records, time limits on reporting breaches, and further consequences for companies not complying.
With regulations still evolving (and sure to evolve elsewhere in the market), companies need better (and more flexible) data management tools that help them evolve too - with immediate effect.
So, extensible IAM solutions that help jumpstart identity innovation and enable immediate GDPR compliance are taking centre stage.
Easy-to-deploy access security software enables tech decision makers with a developer/hacker mindset to implement fast and effective measures in their enterprises across all use cases, with the flexibility to expand into any direction.
As cloud technologies, BYOD, remote work policies, and IoT devices infiltrate workplaces, IDaaS (Identity-as-a-Service) is becoming increasingly popular as a one-stop shop for access management.
IDaaS platforms help secure multiple logins across intricate combinations of legacy and cloud platforms in evolving hybrid enterprises.
Enabling companies to compile myriad access points in one seamless interface is a powerful way of providing oversight over all points of vulnerability, regardless of device or user, and improves the user experience of security management for every person involved.
After all, security is no longer just the responsibility of the CIO or CSO.
Employees have increasing power over their own data, and need to be given the knowledge, support and positive user experience in order to remain on board with solutions and measures that help protect their identities.