IT security can sometimes feel like a thankless job. With limited resources, IT security teams are asked to defend the organization from a wide variety of constantly changing external threats They are also responsible for educating their executive teams and peers about the importance of security, which sometimes seems to require super human abilities.
At Venafi, we spend a lot of time talking to security teams that are tasked with these Sisyphean tasks. We wanted to recognize their heroic contributions to keeping their organizations safe against overwhelming odds. So, we asked IT security leaders which super power would help them accomplish even more.
We discovered that many security leaders wanted some form super power relating to privileged access and identity and access management. Apparently, they are constantly saving hapless users from the evils of flawed passwords and weak security controls around privileged machine identities.
We’re not sure what this IAM super power should be called. But one IT leader cleverly labeled the super hero who uses it ‘Captain Identity.’ Here’s what the security leaders we talked to said about the cyber security super powers they’d like to have:
“I would like to be able to have a perfect infallible identity and authentication mechanism to ensure secure communications between authorized users and the ability to permanently revoke the privilege no matter where the data resides. I would use this to stop phishing attacks, malicious web spoofing attacks and protection of sensitive information.”
-Bruce Jones, Fortune 100 HealthCare Company
“I’d like the ability to identify and authenticate the exact person to the exact data they need at the exact time they need it. I'd be called Captain Identity.”
-Larry Whiteside Jr., Optiv
“I want the ability to get people to use unique passwords. This really would be a superpower.”
-Chris Huntington, Nexigen
“How about the ability to make people use complex passwords. Because passwords aren't going away anytime soon. And if people used complex passwords—and didn’t reuse them across sites—90% of stolen identities would go away.”
-Randall Gamby, US Bank
Unfortunately, these challenges are nothing new. We have often heard that identity and access management is an area that needs to evolve to strengthen an organizations’ cyber defenses—especially in connection with privileged access for machines,
The CISO of Michael’s Stores shares some valuable insights on strengthening identity and access management programs in a recent video blog.