Improving MIM Process With A Crypto-Agile Framework

Cloud adoption and the proliferation of machine identities affect all industries – no business in the United States can escape it. When cloud emerged 10 years ago it was on the bleeding edge of technology – and risk. In those early days few thought financial services firms like banks would adopt it, purely because banks are so risk averse. However, over the last year alone a record number of banks have been moving away from on-prem data centers and toward cloud-hosted infrastructure.

Security Issues With Financial Services Companies

The identity and access management (IAM) trends and strategies survey reveals a common thread, which is security and an overall lag in IT maturity to match modern use cases. Financial services companies are highly regulated, which means that a lot of annual budget diverts to internal efforts to support compliance activities and security implementation. A lack of available budget results in a roving scale of IT maturity with many focusing on traditional perimeter security defenses, rather than emerging use cases and machine identities. The focus on perimeter defenses means that these firms aren't investing in technology that can help them mature their overall security posture. It's a traditional mindset, versus an approach that considers the complexity of today's threat landscape and the specific attack vectors that could put their business at risk.

A surprising number of banks and financial services firms continue to use more traditional manual processes and human elements. Many manual processes are essential in bank environments because of the nature of the business and business approval systems; however, automated tools and technology can bring a hybrid model to the table that accommodates both manual and automated use cases.

Protecting financial transactions extends beyond ATMs. Modern use cases like multi-factor and IoT security need advanced digital certificate and key management that supports a hardened security posture.

Introducing a crypto-agile framework within the broader corporate IT security strategy can help financial services modernize their IAM approach and better manage machine identities. Crypto agility is an approach that matches an organization’s current IAM use cases to scale. Having the framework in place supports a hybrid approach that allows for seamless automated updates and delivers greater security confidence.

Tips To Map A Crypto-Agile Approach

Here are four steps that business and IT leaders can apply to map a crypto-agile approach and improve their machine identity management processes:

1. Establish crypto agility. Build a digital certificate inventory and lifecycle workflows to establish your crypto strategy and framework.
2. Run an inventory. Identify every certificate within the business and use cryptographic parameters to understand where machine identities (digital keys and certificates) have been deployed and what assets they secure.
3. Develop a certificate lifecycle plan. Standardize certificates to ensure that common workflows are followed when machine identities are deployed. Standardization addresses audit questions focused on asset custody and other downstream issues that could impact compliance.
4. Adopt IT automation technology. Traditional and manual certificate management processes aren’t equipped to revoke and reissue certificates at scale, so introducing a single, automated platform can provide better visibility, simplifying the identification and replacement process.

© ValueWalk