BOXBOROUGH, Mass.--(BUSINESS WIRE)--TÜV Rheinland, the global testing, inspection, and certification body, is taking a new approach in helping medium and large enterprises protect their digital assets against today’s complex, multifactor cyberattacks. Because today’s cloud computing, mobile device access, and BYOD (bring your own device) culture is becoming the norm, it is no longer sufficient to simply guard network entry points with a one-size-fits-all IT security approach. To address this issue, OpenSky, a fully-owned subsidiary of TÜV Rheinland, has published the first in a series of white papers on its latest consulting offering: Threat-Centric Identity Access Management (IAM).
Conventional security architecture takes advantage of ingress and egress points on a fairly well-defined set of enterprise perimeters. Today’s cloud computing patterns have disrupted those perimeters and in some cases (such as mobile devices accessing SaaS) totally bypassed them. Because identity and authentication remain the building blocks of cybersecurity, they are also the top vulnerabilities exploited in a high percentage of attacks. TÜV Rheinland experts point out traditional security methods do not go far enough in today’s evolving network environment. The principle of Threat-Centric IAM addresses this need for improved IAM maturity levels with a distinct focus on the means, motive and opportunity behind a threat model, aligned with security intelligence.
Threat Centric IAM can be defined by the following elements:
- Next generation SIEM (Security Information and Event Management) tools have built-in big data technologies that are threat intelligence- and risk/behaviour-aware, making them threat intelligent systems
- Threat analytics with big data technologies can feed this STIX (Structured Threat Information Expression) interfaces intelligence to all security controls. This intelligence is then integrated into the IAM stack for “design time,” “provision time,” “run time,” and “access time” IAM control responses. STIX will be further integrated with network controls, application controls and data controls.
- Intelligence-driven architecture involving real-time responses based on actionable intelligence. The response can be fine-grained in terms of a recommended set of actions.
“As an enterprise adopts progressively more mature models of threat-centric IAM, their security can tackle challenges like cloud computing, mobile access points, and, at the highest levels, securing Internet of Things devices and SCADA systems against threats. We set forth this robust set of principles to address not only today’s security threats, but to position our clients to anticipate and be prepared for tomorrow’s more complex threats as well,” said Rakesh Radhakrishnan, OpenSky’s National Practice Lead for IAM, and co-author of the white paper.
Please click here to download the Threat-Centric Identity and Access Management white paper.
For more information on OpenSky, please visit: http://openskycorp.com/.
About TÜV Rheinland
Founded in 1872, TÜV Rheinland is a global leader in independent testing, inspection, and certification services, ensuring quality, efficiency and safety for people, the environment and technology in nearly all aspects of life. The company maintains presence in 69 countries, employs 19,300 people and has an annual revenue of more than $1.9 billion (€1.7 billion). TÜV Rheinland inspects technical equipment, products and services, oversees projects and helps to shape processes for a wide variety of companies through its worldwide network of approved labs, testing facilities and education centers. Since 2006, the company has been a member of the United Nations Global Compact to promote sustainability and combat corruption. For more information, visit www.tuv.com/us.
