Adapting Identities and Secrets To The Changing State of Cybersecurity

Akeyless was honored to have former NSA Director, Admiral Mike Rogers, open the sessions at KeyConf NYC’21. In his impressive career, Admiral Rogers held key positions around the globe, focusing on cyber, intelligence, and national security. From his expert vantage point, he presented his insights on the current state of cybersecurity, and what organizations need to defend themselves against the rapidly changing tactics of bad actors such as nation-states and cybercriminal gangs. You can watch his entire session here.

How COVID Changed Cybersecurity

Today’s technology, and cybersecurity technology in particular, evolves at an unprecedented rate. But the global COVID pandemic certainly accelerated important ongoing trends. Most organizations were forced to suddenly support hybrid work models. At first, these were just temporary measures to keep the business running. But now, almost two years later, it is hard to imagine going back to the situation where a majority of the workforce is in the office. We also learned that our classic security models are working against us.

We have shifted away from the classic network design, where we worked within a safe castle (the office) and were kept safe by the moat our security stacks created to keep the bad guys out. Now more than ever, corporate users go online from their home offices or coffee shops, using their personal devices, and connect to apps that run in the cloud instead of the corporate network. Meanwhile, the adoption of digitization has also accelerated, and we now have a rapidly growing number of workloads that fluidly move between Azure and AWS.

It is clear that the security perimeter of the corporate work environment is no longer well defined. Many of us experience a blurred notion of what is personal and what is work. This is also reflected in how we access and protect our work resources. For IT security teams, this is a great challenge, as they now face a proliferation of endpoints that they don’t control. Every endpoint essentially creates a potential entry point for an attacker.

The State of Cybercriminals

As the perimeter concept changed in cybersecurity, there have also been changes in how cybercriminals operate. We see increased activity from nation-states, criminal groups, and individuals. Nation-state attacks have become more aggressive, with higher risk tolerance. Meanwhile, professional criminals increasingly see cyber as a lucrative tool to generate revenue.

However, criminals select their targets from a very different philosophical viewpoint. They are all about return on investment, and risk is an important factor. Criminals try to hit as many targets as possible, as quickly as possible, and as easily as possible, with minimal risk of getting caught. They don’t tend to dwell on individual targets for long. Nation-states are quite different: if they believe you have something of value, they spend months and years on their target. Criminals don’t want to hang on for that long, because of the risk of detection and getting caught. This is why supply chain attacks are rare, though cybercriminal tactics keep evolving.

Protecting Secrets and Identities is the Answer

With all these changes, we also must change how we look at security. Identity is the new perimeter, and Zero Trust is now the building block of modern cybersecurity defenses. We must use tools to accurately define the identity not only of individuals and devices, but also of software. You have to ensure you are dealing with what or whom you think you’re dealing with. Secrets such as credentials, certificates, and keys help us with this process. Of course, these secrets must be very well managed and secured. Secrets are incredibly attractive for malicious actors trying to get access to your resources. By compromising an identity, a bad actor can gain carte blanche access to systems and data, and a great ability to move across the broader IT environment.

Unfortunately, many organizations don’t even know how many secrets they have. If you build your security on an incomplete view of your infrastructure reality, you will have gaping holes in your cybersecurity defenses. You simply can’t protect what you can’t see. In addition, too often we see long-standing secrets, which are incredibly attractive to an attacker. To limit risk, you need the ability to automatically revoke and purge them.

Another essential capability of a modern secrets management solution is that it can scale across hybrid multicloud environments. And not just for your IT organization: it also has to serve your security, cloud enterprise, and DevOps teams. In this dynamic landscape of users and workloads, you need a centralized, agile solution that can work for all your teams, across on-premises and all your different cloud platforms. The number of endpoints, and secrets, will only proliferate.
