Welcome!

Cloud Security Authors: Elizabeth White, Pat Romanski, Zakia Bouachraoui, Liz McMillan, Yeshim Deniz

Related Topics: Cloud Security, Microservices Expo, Open Source Cloud, Containers Expo Blog, Agile Computing, @CloudExpo

Cloud Security: Article

Adaptive Risk: Making Sure You Are Who You Say You Are

Identification by predictive behavior to prevent account takeover

Does this sound familiar? Ann, sitting at her desk eating lunch, is surfing the Net. She checks her personal Yahoo email account and sees a message from a purported survey company asking her about her music preferences. She opens the email and takes the survey. Seems harmless enough, but what Ann doesn’t know is that this survey company doesn’t exist and embedded in some of the survey prompts hides an undetected botnet that downloaded onto her desktop. This nasty bugger can record her keystrokes and take screen shots as she navigates through your network. Now some unauthorized entity has her login credentials, passwords…essentially her online/employee  identity and access to your enterprise’s proprietary assets and other sensitive data.

You tell them, you educate them, but sometimes it’s not enough. You need to implement another layer of security. These threats aren’t new…they simply get more insidious, more widespread and more effective.

Account takeover is one of the more prevalent forms of identity theft and one of the most damaging to businesses. In fact, according to Meridien Research, while the victim suffers an average loss of $808, businesses absorb about $18,000 (that's more than 20x) in fraudulent charges per victim.

Problem is, every time technology finds a way to slow or prevent some type of fraud, hackers will always be one step ahead. But it’s not a hopeless consideration. Especially if you apply adaptive risk processes into your security initiatives.

Adaptive risk is the key engine in the unified Identity Management/Access Management (IAM) deployment.  It provides the smarts (or the means to collect the “fingerprints”) of possible identity breaches while closely controlling who gets to access what portions of your network.

This process is designed to assess/score risk attributes during authentication so that Access Management can determine whether to require the user to complete further authentication steps. The risk threshold is the first value set in the module and various checks can be enabled, each with their own score. For example, if Ann is a Admin Assistant for marketing, her credentials are not enough to give her access to HR applications or finance data. However, even if the network weren’t partitioned as such and her credentials were stolen, it’s highly unlikely she's trying to access social security numbers from a laptop in Belorussia at 3 in the morning. Or someone using Ann’s “identity” is trying to buy 10,000 Los Angeles Dodger jerseys from a “vendor” site in China using company funds, there are certain levels of authentication beyond password that can be applied to prevent further breach.

Taking a step back, it really starts with asserting control of the process. You must have the visibility to verify such things as a specific device or location. Then you need the parameters to recognize and affirm behavior patterns to ensure proper identity. These verifications are added to existing enterprise requirements for login/password credentials and additional knowledge-based authentication. In this way, adaptive risk policies make an endpoint an additional second factor-without requiring any behavior change.

Through IAM, there are certain aspects you need to apply to get that enhanced visibility and to exert the necessary activity control:

  • Multi-authentication using details a fraudster cannot easily know (pet's name, parent's anniversary, the name of your first grade teacher, etc…) especially when authorizing a payment, changing/modifying administrative rights or access to certain data.
  • Detect proxy IP addresses and reveal the true location of a fraudster. Combined with an intrusion detection process through SIEM, you can identify the specific geo codes and other suspect indicators (time, mode of entry, etc…) in real time.
  • Detect inconsistencies in device, location, address, email, etc. to reveal suspicious activity and anomalies
  • Device lock out for failed access
  • Email confirmation/notification for any change to admin rights
  • Track velocity of information being presented to detect fraudulent activity such as multiple accounts associated with a single device.
  • Detect account utilization anomalies such as credential sharing.
  • Prevent/allow access  through role based provisioning
  • Apply user and company activity limit policies

To those that heavily sighed because the cost of such a deployment is not just prohibitive, but resource draining, I say the enterprise power of cloud-based solutions (security-as-a-service) makes these initiatives affordable, manageable, and most importantly, strengthens the backbone of any security initiative.

Many companies (especially financial institutions) have various anti-fraud programs. For many it’s more than a compliance issue, but one of common sense protection. However, too many modest organizations like regional and community banks are hamstrung by a “decline in anti-fraud expertise.” (says Dr. Ken Baylor Research Vice President  for NSS Labs, a leading information security research and advisory company) This is not to say dealing with such organizations is a risk. In fact, because many of them find additional value in cloud-based security initiatives, they are as safe as their Wall Street brethren. Security-as-a-service has been show to provide the equalization factor—the ability to apply enterprise-class power, capability and control over access to the network and the expanding perimeter of SaaS and other third party applications and solutions requiring authorization and credentialing.

And it starts with a plan, a policy and a process.

More Stories By Kevin Nikkhoo

With more than 32 years of experience in information technology, and an extensive and successful entrepreneurial background, Kevin Nikkhoo is the CEO of the dynamic security-as-a-service startup Cloud Access. CloudAccess is at the forefront of the latest evolution of IT asset protection--the cloud.

Kevin holds a Bachelor of Science in Computer Engineering from McGill University, Master of Computer Engineering at California State University, Los Angeles, and an MBA from the University of Southern California with emphasis in entrepreneurial studies.

IoT & Smart Cities Stories
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and G...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
DXWorldEXPO LLC announced today that "IoT Now" was named media sponsor of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to great conferences, helping you discover new conferences and increase your return on investment.