3 Myths About Identity and Access Management

 

Myth 2: IAM Reduces the Risk of Breaches Due to Human Error 

Think of IAM as human-proofing an organization’s endpoint security, much like a parent would childproof a home. It makes it harder for mistakes to happen, but it doesn’t eliminate the risk altogether. If vulnerabilities do emerge, however, the consequences are likely to be less severe because IAM has prevented a full-scale security breach.

According to Proofpoint, “Identity-centric attacks are a practical calculation by bad actors. Why would they invest their time and resources to build exploits to help them get in through a virtual back door when they can just walk through the front door?”

This is why stolen credentials and phishing are two of the top three ways that cybercriminals infiltrate organizations. In fact, 74 percent of all security breaches are caused by “human actions,” meaning that someone fell for a scam or social engineering tactic.

EXPLORE: How single sign-on improves educator efficiency and security.

This is also why IAM succeeds. By helping authenticate users’ true identities, IAM mitigates the risk of security breaches due to human error.

K–12 IT leaders looking to achieve cyber resilience should prioritize IAM practices and train employees to spot the signs of a phishing or quishing (QR phishing) scam before it escalates.

“Consider this example,” the CDW article offers. “An employee was out to dinner with his family and knew he was not attempting to access corporate assets, yet he still validated an access attempt through multifactor authentication (MFA) on his smartphone. Only training that increases individual awareness and accountability could have stopped this successful ransomware attack.”

RELATED: How to implement identity and access management in K–12 schools. 

Myth 3: Zero Trust for IAM Comes in a Single Solution 

IAM is a core tenet of the zero-trust philosophy. It’s an essential step for organizations on a journey toward achieving zero-trust maturity. But using IAM does not mean that a K–12 district has achieved zero trust.

Zero trust is more complicated. It requires that schools leverage multiple solutions for optimal security at every endpoint within an IT system. These include MFA, SSO, privileged access management, role-based access modeling, automatic account elevation, identity governance, continuous authentication, and user and entity behavior analytics.

“The current IAM marketplace includes multiple vendors and solutions that meet nearly every budget and delivery preference — cloud, hybrid or on-prem,” notes the CDW article.  “Don’t let IAM myths keep your organization from advancing your journey toward zero trust with identity security.”

Editor’s note: This article was originally published on June 6, 2024.