Riaan Ama-CISO atshela i-VentureBeat ukuthi ithatha indlela esebenzayo yokwenza izinto zibe zesimanjemanje ukuphathwa kokufinyelela komazisi (IAM) – futhi lokhu kuqala ngokunciphisa uhlelo lokusebenza lwefa kanye nokusabalala kwephoyinti lokugcina. Umgomo uyisitaki sobuchwepheshe esisebenza kahle kakhudlwana, esongayo, esiqinile esiqine ngokwanele ukukala futhi sisekele ibhizinisi labo ngobubanzi. zero-ithemba izinhlaka.
Ubunikazi buvinjezelwe ngoba abahlaseli, amaqembu ezigebengu kanye ukuphikelela okuthuthukile usongo (APT) izinhlangano ziyazi ukuthi ubunikazi buyindawo yokugcina yokulawula. Amashumi ayisikhombisa-amaphesenti ayisishiyagalombili amabhizinisi bathi ukwephulwa komazisi kube nomthelela ngqo ekusebenzeni kwebhizinisi labo kulo nyaka. Kulezo zinkampani ezephuliwe, ama-96% manje akholelwa ukuthi ngabe agwema ukwephulwa komthetho ukube basebenzise izivikelo ezisekelwe kumazisi we-zero-trust ngaphambilini. UForrester wakuthola lokho 80% yazo zonke ezokuphepha ukwephulwa qala ngokuxhashazwa kwemininingwane eyilungelo.
Inhlolovo ka-Delinea mayelana nokuvikela ubunikazi ithole ukuthi ama-84% ezinhlangano ahlangabezane nokuphulwa okuhlobene nobuwena ezinyangeni eziyi-18 ezedlule. Futhi uGartner wakuthola lokho 75% ukwehluleka kwezokuphepha kubangelwa emaphutheni omuntu ekulawuleni amalungelo nobunikazi bokufinyelela, kusukela ku-50% eminyakeni emibili edlule.
Ukuvikela ubunikazi kungumongo ukuze ungathembeki
Ukuhlanganisa amasistimu e-IAM akhona abe yinkundla ehlangene esekelwe kumafu kuthatha ubuchwepheshe bokuthi amasistimu wefa ahlanganisiwe achaza futhi ahlele idatha, izindima kanye nemininingwane yokufinyelela okukhethekile. Amaqembu ezinsiza ezichwepheshile abahlinzeki be-IAM asebenza nama-CISO ukuze alondoloze idatha ye-IAM yefa futhi akhombe izindawo zentela yabo eyenza umqondo omkhulu wenkundla ye-IAM ehlanganisiwe, yebhizinisi lonke. Abahlinzeki abaphawulekayo abasiza izinhlangano ukwenza izinhlelo zabo ze-IAM kanye nezinkundla zibe zesimanje I-CrowdStrike, Delinea, U-Ericom, ForgeRock, IBM Ifu Ubunikazi futhi I-Ivanti.
Ama-CISO atshela i-VentureBeat ukuthi izindleko zokugcina amasistimu e-IAM efa ziyenyuka – ngaphandle kokukhuphuka okuhambisanayo kwevelu elinikezwa yilezi zinhlelo zefa. Lokho kuphoqa i-IT namathimba okuvikela ukuthi athethelele ukusebenzisa imali eningi kumasistimu aletha idatha yesikhathi sangempela esincane ekutholeni usongo nokusabela.
Amapulatifomu e-IAM asekelwe efwini nawo kulula ukuwahlanganisa, nokwenza lula izitaki zobuchwepheshe ngokuqhubekayo. Akumangazi ukuthi isidingo sama-IAM aguqukayo, ahlanganisiwe sisheshisa ukusetshenziswa kwebhizinisi. Imakethe ye-IAM yomhlaba wonke kulindeleke ukuthi inyuke isuka ku-$15.87 billion ngo-2021 iye $20.75 ibhiliyoni kulo nyaka.
Umgomo: Ukuthuthukisa i-IAM ukuze kuqinise ukungabikho kwethemba
Amaqembu e-IT amaningi kanye nezokuphepha alwa nokusabalala kwe-endpoint, njengoba amasistimu e-IAM efa adinga ukubuyekezwa kwezichibiyelo kuzo zonke izindawo zokugcina. Engeza kulokho imvelo ehlanganisiwe yezinhlelo ze-IAM zefa ezinezinketho ezilinganiselwe zokuhlanganisa futhi, kwezinye izimo, awekho ama-API, futhi kulula ukubona ukuthi kungani ama-CISO efuna indlela esekelwe ku-zero esekelwe ku-IAM engakhula ngokushesha. Isikhathi nengcuphe yokonga okuthenjiswe amasistimu e-IAM efa akuhambisani nesilinganiso, ubukhali nesivinini sanamuhla. ukuhlasela kwe-inthanethi.
Isidingo sokubonisa imiphumela yokuhlanganisa izitaki zobuchwepheshe asikaze sibe sikhulu. Ngaphansi kwengcindezi yokuletha imisebenzi eqinile yokumelana ne-inthanethi ngezindleko eziphansi, ama-CISO atshela i-VentureBeat ukuthi iphonsela inselelo abathengisi bawo abayinhloko ukuze babasize bahlangabezane nalezo zinselele ezimbili.
Ingcindezi yokuletha kuzo zombili izinhlangothi – ukuqina nokonga izindleko – iphusha ukuhlanganiswa kuze kufike phezulu cishe kuzo zonke izingcingo zokuthengisa ezinkulu zabathengisi abaphambili nama-CISO aphambili, i-VentureBeat yafunda. I-CrowdStrike, iqhubeka nokulalela amakhasimende ebhizinisi, alandelelwa ngokushesha ukuthola nokusabela okwandisiwe (XDR) emakethe ngonyaka odlule njenge isisekelo sesu layo lokuhlanganisa. Cishe wonke ama-CISO ayenawo ukuqiniswa emabalazweni abo ngo-2022, ikhuphuke isuka ku-61% ngo-2021.
Kolunye ucwaningo, ama-96% ama-CISO athi ahlela ukuhlanganisa izinkundla zawo zokuphepha, kanti u-63% uthi ukutholwa okunwetshiwe kanye nokuphendula (XDR) ukukhetha kwabo okuphezulu kwesixazululo. Njengoba bebhekana nezincazelo ezigqagqene futhi ezivame ukungqubuzana, indima kanye nezincazelo zobuntu zomuntu ofanayo, kanye imininingwane ye-zombie kanye nezikhala ezingavikelekile kuzo zonke izinhlelo ze-PAM ezisekelwe emafini, ama-CISO atshela i-VentureBeat ukuthi babona ukuthuthukiswa kwesimanje njengethuba lokuhlanza inkampani yonke ye-IAM.
Esinye sezici eziningi ama-CISO azicaphuna ku-VentureBeat ngokufuna ukusheshisa ukuhlanganiswa kwezinhlelo zawo ze-IAM ukuthi amasistimu amafa okunakekela okuphezulu anjani uma kuziwa ekuphathweni nasekugcinweni kwephoyinti lokugcina.
Impela Isoftware 2021 Endpoint Risk Report kutholiwe 11.7 ukuphepha amanxusa efakwe ngokwesilinganiso esiphethweni esijwayelekile. Kufakazelwe ukuthi lapho izilawuli zokuphepha ezengeziwe endaweni ngayinye, yilapho ukushayisana nokubola kwenzeka kaningi, okubashiya engcupheni. Eziyisithupha kwezingu-10 zokuphela (59%) zine-IAM okungenani eyodwa efakiwe, futhi i-11% inamabili noma ngaphezulu. Amabhizinisi manje anesilinganiso soku 96 eyingqayizivele izinhlelo zokusebenza ngedivayisi ngayinyeokuhlanganisa nezicelo eziyi-13 ezibalulekile eziwumgomo.
Kuphi futhi kanjani ama-CISO enza i-IAM ibe yesimanje ngokungathenjwa
Ukuthola i-IAM efanele kuyisinyathelo sokuqala sokuqinisekisa ukuthi uhlaka lwezokuphepha olungathembi lutho lunobuhlakani bomongo oluludingayo ukuvikela konke ubunikazi nendawo yokugcina. Ukuze kusebenze kahle, uhlaka lwe-zero trust network access (ZTNA) kumele lube nobuhlakani bomongo besikhathi sangempela kukho konke ubunikazi. Ama-CISO atshela i-VentureBeat ukuthi kuhle uma engathola wonke amathuluzi e-Access Management (AM) ahlanganiswe kuhlaka lwawo lwe-ZTNA ekuqaleni kwemigwaqo yawo. Ukwenza kanjalo kunikeza ubuqiniso kanye nemininingwane yobunikazi bokuqukethwe edingekayo ukuze kuvikelwe lonke uhlelo lokusebenza lwewebhu, SaaS isicelo kanye nesiphetho.
Ekubekeni phambili ukuthi yiziphi izinyathelo okufanele zithathwe ekwenzeni i-IAM ibe yesimanjemanje ukuze ingathenjwa, ama-CISO atshela i-VentureBeat ukuthi lezi zisebenza kahle kakhulu:
Okokuqala, yenza ucwaningo olusheshayo lwabo bonke ubunikazi kanye nemininingwane yabo yokufinyelela enelungelo.
Ngaphambi kokungenisa noma yibuphi ubunikazi, buhlole ukuze ubone ukuthi yibuphi obungasadingeki. Izindlu zika-Ivanti isikhulu esiphezulu semikhiqizo u-Srinivas Mukkamala sithi “izinhlangano ezinkulu zivame ukuhluleka ukulandisa nge-ecosystem enkulu yezinhlelo zokusebenza, izinkundla kanye nezinsizakalo zezinkampani zangaphandle ezinikeza ukufinyelela sekudlule isisebenzi somsebenzi. Lokhu sikubiza ngemininingwane yama-zombie, kanye nenani elikhulu ngokushaqisayo lochwepheshe bezokuphepha – ngisho nezikhulu ezisezingeni lobuholi – basengakwazi ukufinyelela kumasistimu nedatha yabaqashi bangaphambili.”
Ukwenza i-IAM ibe yesimanje kudinga ukuqala ngokuqinisekisa ukuthi bonke ubuwena isho ukuthi ingubani ngaphambi kokunikeza ukufinyelela kunoma iyiphi isevisi. Abahlaseli baqondise amasistimu e-IAM efa ngenxa yokuthi ubunikazi buyindawo yokulawula ebaluleke kakhulu kunoma yiliphi ibhizinisi elinalo – futhi uma selilawulekile, liqhuba ingqalasizinda.
Okulandelayo, buyekeza ngokucophelela ukuthi ama-akhawunti amasha adalwa kanjani, futhi uhlole ama-akhawunti anamalungelo okuphatha.
Abahlaseli babheka ukuthola ukulawula kokudalwa kwe-akhawunti entsha kuqala, ikakhulukazi amalungelo okuphatha, ngoba lokho kubanika indawo yokulawula abayidingayo ukuze balawule yonke ingqalasizinda. Ukuphulwa okuningi okuhlala isikhathi eside kwenzeka ngoba abahlaseli bakwazile ukusebenzisa amalungelo okuphatha ukuze bakhubaze ama-akhawunti esistimu yonke kanye nokugeleza komsebenzi wokuthola, ukuze baxoshe imizamo yokuthola ukwephulwa komthetho.
“Izitha zizosebenzisa ama-akhawunti endawo futhi zidale ama-akhawunti esizinda amasha ukuze kuzuzwe ukuphikelela. Ngokunikeza ama-akhawunti amasha amalungelo aphakeme, isitha sizuza amanye amakhono kanye nezinye izindlela zokusebenza ngokucashile,” kusho uParam Singh, iphini likamongameli we-Falcon OverWatch e-CrowdStrike.
“Umsebenzi we-akhawunti yesevisi kufanele ucwaningwe, ukhawulelwe ukuze uvumele kuphela ukufinyelela ezinsizeni ezidingekayo, futhi kufanele ube nokusethwa kabusha kwephasiwedi okuvamile ukuze kukhawulwe indawo yokuhlasela kwabamelene nabo abafuna indlela yokusebenza ngaphansi,” esho.
Nika amandla i-multifactor authentication (MFA) kusenesikhathi ukuze unciphise ukuphazamisa ulwazi lomsebenzisi.
Ama-CISO atshela i-VentureBeat ukuthi inhloso yawo ukuthola isisekelo sokuvikela kubunikazi ngokushesha. Lokho kuqala ngokuhlanganisa i-MFA ekuhambeni komsebenzi ukunciphisa umthelela wayo ekukhiqizeni kwabasebenzisi. Umgomo uwukuthola ukuwina okusheshayo kwesu le-zero-trust futhi ubonise imiphumela.
Nakuba ukuthola ukutholwa ukuze kukhuphuke ngokushesha kungaba inselele, ama-CIO ashayela ukuqwashisa ngokuvikeleka okusekelwe kubunikazi bona i-MFA njengengxenye yomgwaqo wokufakazela ubuqiniso obanzi – ohlanganisa engenaphasiwedi ubuchwepheshe namasu okuqinisekisa. Abahlinzeki abahamba phambili bokuqinisekisa okungenaphasiwedi bahlanganisa I-Ivanti’s Zero Sign-On (ZSO), isixazululo esihlanganisa ukufakazela ubuqiniso obungenaphasiwedi, ukwethenjwa okuyiziro kanye nolwazi olunzulu ngomsebenzisi kuplathifomu yayo yokuphathwa kwe-endpoint (UEM). Abanye abathengisi bahlanganisa I-Microsoft Azure Active Uhla lwemibhalo (Azure AD), I-OneLogin Ubunikazi Bomsebenzi, Thales Ukufinyelela Okwethenjwayo kwe-SafeNet futhi IWindows Sawubona Ngebhizinisi.
Ngaphambi kwesikhathi, shintsha amasistimu e-IAM efa angakwazi ukuqapha ubunikazi, izindima kanye nomsebenzi wokuqinisekisa wokufinyelela okunelungelo.
I-VentureBeat ifunde kuma-CISO ukuthi manje isiyindawo yokunqamuka kwezinhlelo ze-IAM zefa. Kuyingozi kakhulu ukuthembela ku-IAM engalandelela kuphela umsebenzi othile wobunikazi kuzo zonke izindima, ukusetshenziswa okukhethekile kokufinyelela kanye nokusetshenziswa kwendawo yokugcina ngesikhathi sangempela.
Abahlaseli baxhaphaza izikhala ezinhlelweni ze-IAM zefa – banikeza izinzuzo kuwebhu emnyama ukuze bathole izifakazelo zokufinyelela okukhethekile ekubalweni kwezimali okumaphakathi nezinhlelo zezimali, isibonelo. Izigebengu kanye nokwephulwa kwemithetho sekukhule kunezici eziningi futhi kuhlukanisiwe, okwenza ukuqapha okuqhubekayo – inkambiso ewumongo yokungathembeki – okufanele. Ngalezo zizathu zizodwa, izinhlelo ze-IAM zefa ziphenduka isikweletu.
Thola i-IAM khona kanye kumafu amaningi: Khetha inkundla enganikeza i-IAM ne-PAM kuwo wonke ama-hyperscalers amaningi — ngaphandle kokudinga ingqalasizinda yobunikazi entsha.
Yonke i-hyperscaler inesistimu yayo ye-IAM ne-PAM elungiselelwe ingxenyekazi yayo ethile. Unganciki kumasistimu e-IAM noma e-PAM angazange abonakale esebenza kahle ekuvaleni izikhala phakathi kwama-hyperscaler amaningi nezinkundla zamafu zomphakathi.
Kunalokho, sebenzisa ukuhlanganiswa kwemakethe kwamanje ukuze uthole inkundla yefu ehlanganisiwe engaletha i-IAM, i-PAM nezinye izici eziyinhloko zesu elisebenzayo lokuphatha ubunikazi. Ifu liwine imakethe ye-PAM futhi iyinkundla ekhula ngokushesha ye-IAM. Iningi, ama-70%, okuphathwa kokufinyelela okusha, ukubusa, ukuphatha kanye nokuphakelwa kokufinyelela okunenhlanhla kuzoba kuvuliwe. kuhlangene Izinkundla ze-IAM ne-PAM ngo-2025.
Ukwenza i-IAM ibe amandla kumasu okungethenjwa
Ama-CISO atshela i-VentureBeat ukuthi sekuyisikhathi sokuqala ukubheka i-IAM ne-ZTNA njengama-cores anoma yiluphi uhlaka lwe-zero-trust. Esikhathini esedlule, i-IAM kanye nokuphepha kwengqalasizinda okuyinhloko kungenzeka ukuthi kwakuphethwe amaqembu ahlukene anabaholi abahlukene. Ngaphansi kwezero trust, i-IAM ne-ZTNA kumele babelane ngomgwaqo ofanayo, imigomo kanye nethimba lobuholi.
Izinhlelo ze-IAM zefa ziyisibopho ezinhlanganweni eziningi. Bahlaselwa ukuze bafinyelele iziqinisekiso ngabahlaseli abafuna ukuthatha izintambo zokudalwa kwamalungelo okuphatha. Ukusebenzisa i-IAM njengengxenye eyinhloko ye-zero trust kungagwema ukwephulwa kwemithetho ebizayo efaka engozini konke ubunikazi bebhizinisi. Ukuze izinhlaka ze-ZTNA zilethe amandla azo aphelele, idatha yobunikazi kanye nokuqapha ngesikhathi sangempela kwayo yonke imisebenzi kuyadingeka.
Sekuyisikhathi sokuthi izinhlangano zigxile ekuhlonzeni njengengxenye esemqoka yokungathembeki, futhi zenze le ndawo ebucayi yengqalasizinda yazo ibe yesimanjemanje.
Umsebenzi we-VentureBeat kufanele kube isikwele sedolobha esidijithali sabenzi bezinqumo zobuchwepheshe ukuze bathole ulwazi mayelana nobuchwepheshe bebhizinisi obushintshayo kanye nokuhwebelana. Thola Okufingqiwe kwethu.
