Security has always been a team effort. But the continued prevalence of cyberattacks and their impact on business operations shows that work still needs to be done. Security leaders, security practitioners, and individuals must remain vigilant.
Identities are at the eye of the storm. Stolen and compromised credentials are often at the center of breaches, and reducing the risk of attacks requires taking an identity-first approach to cybersecurity. To promote the importance of marrying identity and security, the Identity Defined Security Alliance (IDSA) and the National Cybersecurity Alliance (NCA) joined forces to create Identity Management Day in 2021. Registration is now open for this year’s virtual conference taking place on Tuesday, April 11, and featuring 11 sessions and over 20 identity and security experts.
At the IDSA, our research has shown that identity-related breaches continue to challenge today’s organizations. From phishing to credential theft to multifactor authentication (MFA) spamming—to #BeCyberSmart, you have to #BeIdentitySmart. Depending on your role, being identity smart can mean different things. For security leaders, it means prioritizing identity as part of your security program—taking the bull by the horns and ensuring the top executives understand how protecting identities will enable the organization to achieve its business, security, and compliance objectives. Winning executive support is critical, as supporting this strategy will take more than investments in technology. It will also require investing in a culture of security that puts identity first from a security awareness and best practices standpoint.
For security practitioners, being identity smart means focusing on implementing IDSA security outcomes. Moving with the knowledge that identity management is crucial to reducing the risk of attacks, security practitioners are responsible for helping their organizations shrink the threat landscape by addressing any gaps around identity protection. This can range from rolling out MFA for all users to periodically attesting all privileged access or taking actions such as cleaning up Active Directory to remove any orphaned accounts.
The final piece of the puzzle is the crucial role of consumers and individual employees. Bad practices can undermine even the most effective security technology. When individual users are not making the protection of their digital identity a priority, it is easy for them to fall into pitfalls, such as choosing weak passwords or using the same password across different websites and applications. Staying safe online is often about not being an easy target. That is why it is critical for individuals to implement good security hygiene by keeping their systems and software up to date, learning to recognize the signs of phishing and other identity-related attacks, and adopting behaviors that make the lives of attackers more difficult.
Keeping identities safe takes all three groups working together with a common mindfulness of security. As part of promoting identity management, Identity Management Day also is a time for recognizing organizations and leaders who have made identity management and security foundational to their missions.
The 2023 Identity Management Awards acknowledge those who evangelize putting identity first and share best practices. There are four categories of awards:
- Identity Management Project of the Year – Enterprise
- Identity Management Project of the Year – SMB
- Best Identity-Based Zero Trust Initiative
- Identity Management Leader of the Year
The award nomination process is open through Thursday, March 31, 2023. Anyone can nominate a person or company (even themselves or their company), and there is no submission fee. The winners will be announced on Identity Management Day.
Protecting an organization’s systems, data, and people begins with strategic discussions and a commitment to staying secure from the C-suite to the lowest-level employee with network access. While April 11 may be Identity Management Day, threat activity takes no breaks, and limiting risk is a 365-day-a-year task. But by adopting an identity-focused approach, IT and business leaders can raise the bar attackers need to clear to successfully compromise their organizations.