Identity and access control in the digital age
Digital change is transforming business but leading to new threats. Explore biometric authentication, federated access, and innovative access controls that promote a zero trust approach to enterprise security.
New face of identity management
Introduction by DXC Technology’s Mark Hughes
Identity and access management is the foundation of everything we do in security, but in many ways enterprises are more vulnerable than ever. As organizations modernize and digitally transform processes, data is increasingly distributed within the enterprise, in the cloud and within a growing number of embedded and connected IoT devices.
Unfortunately, many organizations are challenged with knowing exactly who has access and whether access controls are being consistently enforced across all users, especially those with privileged access — exposing data and vital systems to hackers.
Zero-trust identity services
These threats underscore the need for zero-trust identity services that can be accessed from anywhere and constantly kept up to date, giving the organization a shared view of identity across connected devices, cloud services and legacy applications.
I invite you to view this e-book to explore the challenges and solutions for managing identities in the digital age.
Mark Hughes | Senior Vice President and General Manager, Security
Traditional security approaches that locked away data don’t suit the new digital reality of mobile working, cloud-based services and ever-growing numbers of connected devices.
Top 5 identity and access challenges
Enterprise security is no longer just about where the data resides. It’s about verifying the digital identity of the person, machine or service trying to access the data.
Identity theft, phishing and social engineering attacks intensify
Identity theft is nothing new, but theft through phishing techniques is reaching new levels of sophistication. Remember when email phishing attacks were all too easy to spot? The bad graphics, poor email page design and layout and paragraphs peppered with spelling errors were dead giveaways.
Those days are gone.
While today’s phishing attacks are primarily used to separate victims from their money, they are also part of the first wave of advanced persistent threats designed to do long-term harm to enterprises. Criminals use commonly available information, such as personal data found on a LinkedIn profile, for social engineering techniques that trick employees into breaking policy and protocol.
How to stop phishing in its tracks
The best defense is people. That’s why organizations must continually educate employees on how to recognize and avoid phishing scams.
DXC Technology’s PhishED service assesses defenses by simulating attacks and providing training to employees who have been successfully phished. Simulations continue until employees recognize and avoid phishing scams, thereby strengthening the enterprise against future intrusions.
New regulatory imperatives drive change
Building trusted relationships
Secure, delegated authorization builds privacy, consent and trusted relationships. Any organization holding personally identifiable information is impacted by privacy regulations. Non-compliance increases risks that can result in massive fines and possible imprisonment of executives.
For example, the European Union’s General Data Protection Regulation (GDPR) requires organizations to notify authorities of breaches within 72 hours. Failure to comply can trigger fines of 4 percent of an organization’s annual revenue or €20 million, whichever is higher.
Regulatory compliance requires proactive data management and protection, which necessitates fundamental changes in data governance, data retention, security monitoring and business processes.
Learn more about DXC’s GDPR services.
Verifying identities in the cloud
The biggest mistake organizations make is moving workloads to the cloud as quickly as possible — and worrying about security later. To thrive securely in the cloud, organizations need an enterprise-wide, hybrid cloud perimeter strategy that includes traditional security tools, as well as identity and access management, monitoring and more.
In a hybrid IT environment, the ability to accurately authenticate every user’s identity is essential. So is the ability to quickly determine which workloads, applications and data each user is entitled to view, change and share.
1. Confidence in passwords is reaching an all-time low. With so many weak or stolen passwords blamed for security breaches, passwords alone can no longer be trusted. Long, complex password requirements frustrate typical users, faced with memorizing multiple complex passwords. That’s why some users still prefer easily hacked passwords such as “12345,” or they write them down on a Post-It note.
2. Applications are moving from the data center to the cloud. Applications are moving from the data center to the cloud and mobile devices. The decentralization of IT infrastructure is moving more applications and data to public and private cloud-based services. In many cases, enterprises are using dozens of cloud services, which means IT organizations are losing direct oversight of the governance and security controls of their data.
3. Employees and customers are demanding mobile access to everything. For years, application development teams have focused on extending business applications to mobile devices. With BYOD now part of the mainstream at many corporations, IT organizations must secure anytime, anywhere access across a growing number of mobile devices.
4. IoT is redefining the boundaries of the security perimeter. The internet of things (IoT) is introducing new connected devices — including sensors, wearables and machine-to-machine systems — that need digital identities. IoT may be located beyond the corporate network and requires operational and IT security to be integrated. Hacking these devices risks critical safety failures that cause physical injuries and even death.
5. Skilled resources are getting harder to find. With passwords serving as the primary means of authentication for decades, most organizations haven’t focused on building in-house skills to tackle issues associated with multifactor authentication, mobile device management, single sign on, decentralized data security and application protection. This situation will worsen as competition for employee skillsets grows.
Explore the latest tools and techniques, including biometric authentication, privileged account management, access controls, and more.
The new face of mobile authentication: ConfidentID
The rise of GPS-enabled smartphones brought the first revolutionary changes to authentication, enabling enterprises to enforce geo-fencing rules and prevent remote hacking.
Today, with most smartphones equipped with a camera, microphone, gyroscope and fingerprint scanners, authentication now centers on human beings. The latest technologies harness the power of all of these tools and sensors to improve authentication by many factors.
The new generation of biometric capabilities employ all currently understood and accepted methods of authentication — something you know, something you have, where you are and, most importantly, your unique biometrics. By engaging any combination of these methods, along with liveness checks, mobile devices are enabling strong authentication and a seamless, frictionless journey for users.
Delight users with powerful multifactor authentication in ConfidentID
Mobile app-only bank relies on biometrics
Atom Bank provides a glimpse into the future of banking. The UK bank runs entirely on a mobile application. There’s not a single physical branch or even a desktop website where customers can perform transactions.
The banking application, which uses a gaming platform and 3D rendering system with graphics and animations, is secured by DXC ConfidentID biometrics authentication.
Customers use biometrics such as facial and voice recognition to gain access and perform various functions, from setting up accounts to transferring funds. They can also personalize their apps by changing screen colors and logos.
“Every single customer has a different Atom brand. This bank in your pocket is completely tailored to you,” says Stewart Bromley, Atom chief operating officer. “The whole experience is completely unique to you.”
Atom Bank was launched in 2015 and grabbed headlines in 2017 for signing up 5,000 new customers in a single day through an interest rate promotion.
Secure privileged accounts
Privileged accounts, which typically have access to an organization’s most sensitive data, are increasingly becoming a target of hackers, insiders, disgruntled employees and whistleblowers.
Gaining control of privileged accounts is challenging—especially when you don’t know how many of these accounts exist within your enterprise. In fact, most organizations have many more privileged accounts than they can document.
DXC Privileged Account Management (PAM) offers an industry-leading, integrated technology solution backed by expert consulting and managed security services that design, deploy, and manage privileged accounts. This lets you:
- Protect critical assets
- Meet compliance requirements
- Invest in business operations instead of IT and management resources
Employees expect immediate access to information across multiple channels. Organizations demand protection against data loss or privacy exposure. Everyone wants a positive experience using a secure, unified solution.
DXC Authentication Broker is a scalable, cloud-hosted service that manages authentication and authorization processes across applications and APIs. It controls access for customers, partners, employees, devices, machines and bots.
Built on a digital identity infrastructure, this powerful service can scale to tens of millions of identities, allowing customers and partners to bring their own identities from social media, employers, government and industry identity providers. This user-managed approach makes privacy compliance easier and users' experiences better by placing the right information in the hands of the right people at the right time.
DXC’s Authentication Broker provides a digital identity infrastructure that scales to tens of millions of identities and allows you to leverage our services to provide identity across your applications and services, regardless of the entity needing access.
Transform the customer experience with IAM services
DXC’s family of identity and access management (IAM) services are designed to ensure a smooth and seamless customer experience, win loyalty and build trust.
Our digital identity services manage user account and credential life cycles, providing high levels of automation and user self-service and escalating to service staff when the human touch is required.
Focused on customer experience
DXC focuses on ensuring a smooth user experience that doesn’t compromise an organization’s security posture. Using behavior analytics to assess risks in real time before prompting users to authenticate, IAM offers not just passwords, but a choice of people-friendly validation methods such as voice and face recognition.
Tuned for mobile devices to provide high levels of assurance with minimal effort from users, IAM supports compliance and trusted relationships between people, services and connected devices.
Deliver the right information at the right time to the right people with Authentication Broker
Take the next step
Find out how DXC helps organizations worldwide secure digital identities.
DXC’s industry-leading security solutions help you verify identities, proactively respond to threats, ensure compliance, and secure data, applications, infrastructure and endpoints.
DXC Technology is one of the few companies in the world with the depth of expertise needed to transform your identity and access management program.
Global capability. Strengthen your security posture, regardless of location. Global threat intelligence and in-depth knowledge of regional regulations fuel the successful design, deployment, management and monitoring of our end-to-end IAM solutions.
Flexibility. Find the solution that best fits your infrastructure needs. Choose from flexible implementation approaches and hosting options that include on-premises, data center, hybrid, private cloud and public cloud.
Best-in-class technology. Protect against costly breaches with DXC security solutions powered by cutting-edge technology from 40+ industry-leading vendors, comprehensive deployment practices and proven managed security services.
Industry expertise. Take advantage of our highly trained security professionals with decades of experience delivering tailored IAM programs across nearly every industry.
Assess your readiness
About DXC in Security
Leading independent, end-to-end IT services company
Global security operation centers on 5 continents, supporting clients in 70+ countries
Full suite of security solutions, including advisory services, managed security services and risk management
4,000+ security and identity management specialists
Proven cyber-reference architecture