Assuming you have identified and verified the person and/or system and/or service as a valid entity, how do you ensure they only have access to these resources, when they need them, from the location they need them, from the system they are requesting them, and at the time they are requesting them?
Your organization has precious resources all over the place: on-premises in the data center on servers and in databases; in the office, at home, on the road on desktops, laptops, tablets, mobile phones, and smart devices; in the cloud inside containers, applications, and a variety of storage services.
Assuming you have identified and verified the person and/or system and/or service as a valid entity, how do you ensure they only have access to these resources, when they need them, from the location they need them, from the system they are requesting them, and at the time they are requesting them? This challenge is much more complex than ensuring a user is set up in the directory and has entered a valid password. That’s what this discussion is going to be all about.
Join us for this session as we explore the following points:
◾️ What does “secure access” mean to security, to ops, to the users, to the business?
◾️ Does the conversation and language need to change between groups?
◾️ How and where is secure access managed?
◾️ How to deal with the systems, applications, and data?
◾️ How does it fit in with Risk Management and SecOps?
◾️ What are some key challenges orgs face?
◾️ What are some of the core elements many orgs leave out?
◾️ Are there processes and/or tools to make things easier?
◾️ Any best practices or tips to simplify the program?
____________________________
Guests
Shinesa Cambric
Identity Champion at Identity Defined Security Alliance [@idsalliance] | Principal Product Manager for Emerging Identity at Microsoft [@Microsoft]
On LinkedIn | https://www.linkedin.com/in/shinesa-cambric-cissp-ccsp-cisa®-0480685/
On Twitter | https://twitter.com/Gleauxbalsecur1
John Sapp Jr
VP, Information Security & CISO at Texas Mutual Insurance Company [@texasmutual]
On LinkedIn | https://www.linkedin.com/johnbsappjr
On Twitter | https://www.twitter.com/czarofcyber
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Identify Defined Security Alliance Best Practices: https://www.idsalliance.org/identity-defined-security-framework/best-practices/
Enterprise Risk - Engaging Others: https://www.isaca.org/resources/isaca-journal/issues/2020/volume-5/addressing-risk-using-the-new-enterprise-security-risk-management-cycle
____________________________
Catch the on-demand live stream video and podcast here: https://www.itspmagazine.com/live-panels/secure-access-and-authorization-keeping-precious-resources-safe-from-prying-eyes-and-bad-actors-redefining-cybersecurity-with-sean-martin
To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships